Archive for September 2015

Friday, September 25, 2015 [Tweets] [Favorites]

FBSimulatorControl

Facebook (via Peter Steinberger):

The original use-case for FBSimulatorControl was to boot Simulators to run End-to-End tests with WebDriverAgent. As FBSimulatorControl is a Mac OS X framework, it can be linked to from inside any Mac OS Library, Application, or xctest target. There may be additional use-cases that you may find beyond UI Test Automation.

FBSimulatorControl works by linking with the private DVTFoundation, CoreSimulator and DVTiPhoneSimulatorRemoteClient frameworks that are present inside the Xcode bundle. Doing this allows FBSimulatorControl to talk directly to the same APIs that Xcode and simctl do. This, combined with launching the Simulator binaries directly, means that multiple Simulators can be launched simultaneously. Test targets can be made that don’t depend on any Application targets, or that launch multiple Application targets. This enables running against pre-built and archived Application binaries, rather than a binary that is built by a Test Target.

Swizzling With Swift

Sash Zats:

Another issue I’ve yet to mention is how to call the original implementation. In this case, I had no desire to figure out how to re-implement the function, so we have to call the original implementation, and retain the returning object on top. This is a problem with Swift 1.2: you cannot call C functions just through their pointer. To be clear, you can call C functions from Swift, but you cannot obtain pointers to functions using other tools and call the function through its pointer like you would do in Objective-C.

As a result, this part has to be implemented in Objective-C. I am not proud about it, but that’s what we have to do for now.

Swift 2 does support calling C function pointers.

DirectLinks Safari Extension

John Gruber (tweet):

If you’ve ever tried dragging-and-dropping a URL from Google search results and getting a Google redirection URL instead of the actual URL you wanted (and Google’s JavaScript will show the actual URL in the status field if you hover over the link, so it’s impossible to tell that’s what’s going to happen), this extension is for you. There are obvious privacy benefits as well.

Using Xcode Targets

Sam Marshall:

Source files must be added to all the framework targets by hand, same goes for any new files you add. Since this is very easy to miss doing from the new file dialog, it is generally discouraged to add the same file to multiple targets (if what the targets are building are not significantly different). You not only have to maintain the code for the frameworks individually, but also all the build settings for them. This plus adding tests for all the targets quickly becomes an unreasonable goal to set for any development team without breaking all the frameworks into separate entities -- and away from a singular code-base.

[…]

While changing anything in a working build system is a risk, there are some big benefits you get for using xcconfig files instead of build settings stored on the project file.

[…]

A scheme can specify a single build configuration to be used for multiple targets. This means that instead of having schemes for each framework and then each application target, you can have a single scheme that tells a single framework target to be built using a specific configuration and associated xcconfig file (you can set this up to be able to change the requirements of building based on target OS, so a single target could build for iOS, Mac, watchOS, and tvOS) before building the application target. Doing this means cutting the footprint of your code down significantly as well as removing the complexity of managing multiple targets.

Which iOS Content Blocker is the Fastest?

Ben Brooks:

When I tried with all blockers on, I did not get the performance of the fastest blocker, and instead got performance on the slower side of the blockers tested. It is my recommendation that you only use one blocker at a time.

[…]

As you can see, 1Blocker is the winner. It was (on average) 61.83% faster than having nothing turned on at all. That’s staggering. The worst of the lot seems to be Vivio, which was marginally faster than simply just turning on ‘Do Not Track’ in your browser settings.

1Blocker is also highly configurable as well. If you want something on the simple end of things, which makes decisions for you to unblock ads from places like The Deck, Adamant is a great option. It was the third fastest overall, and is trying to support the indie sites ad revenue the best it can.

iOS 9 Adds Wi-Fi Assist

Casey Liss:

Wi-Fi Assist allows for your phone to more aggressively fall back to using its onboard cellular connection in case the Wi-Fi it is connected to doesn’t respond in a timely fashion. While dangerous for some with small data plans, for those with some breathing room, this is a fantastic addition.

Update (2015-10-04): Mark Pygas:

If you’re on a limited data plan, that’s bad news.

Slashdot:

That's helpful if you're in the middle of watching a video or some other task on the internet that you don't want interrupted by spotty Wi-Fi service. Unfortunately, Wi-Fi Assist is enabled by default, which means that users may exceed their data cap without knowing it because their phone is silently switching their data connection from Wi-Fi to cellular.

Update (2015-10-14): Dan Moren:

So, yes, it’s still possible for Wi-Fi Assist to chew through your data, but it seems like Apple’s identified the key spots where that might really be dangerous and preemptively moved to address them.

Thursday, September 24, 2015 [Tweets] [Favorites]

Rosyna Needs Help

Rosyna Keller:

I’ve only got a total of $0.06 left to my name and I only have a room here until 11am (Phoenix) on Thursday, September 24th, 2015. I have no idea what to do, I’m broke, and I’m hiding from extremely abusive family.

Dave DeLong:

If you can spare anything, @rosyna’s PayPal is rosyna@mac.com.

Brent Simmons:

A necessary mark of a good community is that we help people who need help. Rosyna needs help.

Jesper:

Rosyna Keller, this guy I’ve seen around for years, from back in the day where Unsanity and Haxies and the Cocoa-Carbon wars were a thing, uses [a pseudonym] of necessity. He’s on the run and the subject of extreme misfortune and hardship that makes me feel really titchy about my own problems.

Rosyna is an enigma. I don’t really know who he is or what he’s been up to since the haxie days. But I do know that he’s long been a important part of our community, figuring out how things work, locating bugs, and making insightful comments.

Update (2015-09-24): Edward Marczak:

Know it or not, you’ve used @rosyna’s software in some form.

Gwynne Raskind (tweet):

In short, while Rosyna can’t be said to be solely responsible for my career, his work was a major factor in making what I’ve accomplished so far possible.

[…]

I learned in that time that it wasn’t just Unsanity that Rosyna was known for. He is a diligent researcher, a person of great insight into the workings of these machines. He has solved problems no one else could. He has helped any number of fellow developers and fellow people when he could, and with more patience and compassion than some of the most famous minds of our generation.

Swift 2.1

Russ Bishop (comments):

If you thought Apple was slowing down with Swift, think again. Xcode 7.1 Beta 2 includes Swift 2.1. As always you can check the release notes for yourself because I don’t necessarily address everything here.

[…]

If only private things are modified in a file then it does not trigger recompilation of all files that depend on it. In some cases this can have a huge performance benefit

[…]

Function/closure types now have covariance and contravariance.

Update (2015-10-14): Russ Bishop covers Swift 2.1 Beta 3.

Swift 2 Bloat in the Twitter App

Nolan O’Brien:

Twitter app sizes:
w/ Swift 1.2 = 65MB
w/ Swift 2.0 = 125 MB
Thinned w/ Swift 2 = 77 MB

Epiphany: App thinning counters Swift 2.0 bloat

It’s not clear to me why this is happening, but it sounds like both the Swift libraries and the compiled code for the app itself are larger than before.

It seems entirely possible that overall system performance would decrease if more apps used Swift. The binaries are larger, so they’ll take up more storage space and RAM. They’re calling back and forth to Objective-C a lot, so they won’t see many benefits from pure Swift not doing message sending, and they may incur extra overhead due to bridging. Writing the code may be faster, though.

Update (2015-09-24): Apple:

App slicing is currently unavailable for iOS 9 apps due to an issue affecting iCloud backups created from iOS 9 where some apps from the App Store would only restore to the same model of iOS device.

When a customer downloads your iOS 9 app, they will get the Universal version of your app, rather than the variant specific for their device type.

The iOS Status Bar

The Status Bar is a Tumblr blog of screenshots showing buggy iOS status bars (via Cédric Luthi). An iOS app should properly handle different sizes, rotation, transparency, and more.

Custom Swift Pattern Matching Operators

Ole Begemann:

We know that greaterThan(0) must produce a function that takes a value and returns Bool. So in turn, greaterThan must be a function that takes another value and returns the first function.

[…]

Swift provides a special syntax for the definition of curried functions that mimics how they are called.

[…]

It’s impossible with this solution to give the compiler any hints for exhaustiveness checking, so it will always force us to provide a default case. If you are certain that your patterns cover every possible value, it is a good idea to put a fatalError() call into the default case to document your expectation that this code path should never get hit.

[…]

Again, note that the missing whitespace between operators and operands is significant.

[…]

As a more practical example, suppose you want to check a string against several prefixes and suffixes.

Update (2015-10-14): Ole Begemann:

Ranges and intervals in Swift serve similar purposes but have different implementations and generic constraints. Ranges are based on indexes and are used most often in the context of collections. The fact that a range can’t contain the maximum value of a type can make them unsuitable for working with intervals of numbers. Intervals work with all Comparable types and don’t have the maximum-value limitation.

While custom operators should be used very sparingly, I’d argue that in this case they significantly improve readability without harming comprehensibility – the prefix and postfix operators are so close in meaning to their binary counterparts that even readers unfamiliar with the code should have no trouble understanding them.

Ole Begemann:

This works, but doing this for every method we want to use in this way quickly becomes tedious. So let’s write a generic function, flip, that moves the first argument of a curried function to the back, right before the final return value.

Counting Git Objects With Bitmap Indexes

Vicent Martí:

The result is a highly dense forest of interlinked nodes stored in the shape of a graph, but essentially accessed as a key-value store (each object in the database is only indexed by the SHA1 of its contents).

[…]

Git doesn’t keep a definite list of all objects reachable from the graph, and it cannot send every single object in its database as a whole, because it could very well be that some of those objects are not reachable at all in the repository and should be thrown away instead of sent to the client. The only thing Git knows are the tips of all branches, so its only option is to walk down the graph, all the way to the beginning of the history, listing every single object that needs to be sent.

[…]

Generally speaking, caching specific results to queries is a weak approach to performance in complex systems. What you want to do instead is caching intermediate steps of the computation, to be able to efficiently answer any kind of query.

[…]

For any given commit, its bitmap index marks all the objects that can be reached from it. To find the objects that can be reached from a commit, we simply look up its bitmap and check the marked bits on it; the graph doesn’t need to be traversed anymore, and an operation that used to take several minutes of CPU time (loading and traversing every single object in the graph) now takes less than 3ms.

[…]

When Git noticed that none of the objects on the list could be sent because they were delta’ed against other objects that were not in the list, it was forced to re-delta these objects. […] This is how we were losing all the benefits of our optimization, and in fact making the process of generating a packfile 40% slower than it was before, despite the fact that the most expensive phase of the process was essentially optimized away.

Apple Music for Android

Russell Ivanovic:

Remember back in June when Apple promised to bring their music app to Android in September? No? I do, because I was sitting in the keynote room at the time. My prevailing thought at the time was a simple one: “This is going to be fascinating. Will Apple try to clone their iOS app, or embrace Material Design, rise above pettiness and make something amazing?”.

[…]

I don’t know how much of an indication it gives you, but here’s their first ever Android app, released today […] It’s a poor attempt at making an Android app look like an iOS app. If you’re being generous, you might think Apple did this to make you more comfortable about moving to iOS.

Russell Ivanovic:

Apple Music on Android has the potential to be the best music app Apple has ever made.

[…]

They won’t be burdened by any legacy implementation: they could literally build it from scratch, with all the lessons they’ve learnt to date.

They don’t have the burden of having to play your local music like the iOS app, it could be a dedicated app for Apple sourced music only.

They can update the app as often as they want, iterating on things fast, since unlike iOS it’s not tied to OS releases.

Wednesday, September 23, 2015 [Tweets] [Favorites]

iPhones 6s Reviews

John Gruber:

For a typical iPhone user on a two-year upgrade cycle, I think the S years are the better phones, historically.

[…]

In terms of single-core performance, there isn’t a single Android phone that beats the two-year-old iPhone 5S. Android devices fare better in multi-core benchmarks, because they have more cores (some have eight, many have four — the iPhones 6S still have only two cores), but single-core performance is a better measure for the sort of things you can feel while using a device. Apple is literally years ahead of the industry.

[…]

The new iPhone 6S beats the new MacBook in single-core performance on Geekbench, and is within spitting distance in multi-core. That’s astounding.

[…]

Press on the keyboard and it turns into a trackpad. iPads running iOS 9 can trigger this trackpad mode, too, with a two-finger swipe on the keyboard. Doing it with a single finger on the iPhone, though, is a tremendous boon to text editing. This might be the single best new feature for text editing on the iPhone since the addition of selection and Copy/Paste in iOS 3 in 2009. In addition to moving the insertion point around, you can press again and switch to selection mode — like double-clicking the mouse button on a Mac. Trackpad mode is a once-you’ve-used-it-you-can’t-go-back addition to iOS.

[…]

The new taptic engine in the 6S feels as good or better than the old iPhone 4S vibrator. It’s just stronger and more pleasing.

[…]

Technically, the way it seems to work is that the iPhone creates two files: a 12 MP JPEG (exactly the same as when you shoot a still image with Live Photo disabled), and a three-second-long MOV file. When looked at through Image Capture on a Mac running OS X 10.10.x, you see both files in the iPhone camera roll: “IMG_1234.JPG” and “IMG_1234.MOV”. Both files have same numeric index after the “IMG_” prefix, and both files have the same creation date. The MOV file is 1440 × 1080 pixels, at 12.77 frames-per-second.

[…]

I understand the physics and optics involved, but it bothers me every single day that I can feel that nubbin. The best argument for forgiving the camera bump is that a vast majority of iPhone owners use a case of some sort, and with a case, the camera bump is a non-issue. But for those of us who don’t use cases, and who appreciate Apple’s general attention to every little detail, it’s a very minor but daily irritation.

[…]

The biggest thing keeping me from using this case for real, going forward, is that the raised edge along the side of the display gets in the way of performing edge-based gestures, primarily swiping to go back, and the new press-and-swipe to switch between apps with 3D Touch.

David Pogue:

There’s a new processor in the iPhone 6s family; Apple says it’s “up to 70 percent” faster. If you operate an iPhone 6 side-by-side with an iPhone 6s, the difference hits you between the eyes. Opening apps, switching apps, processing things—it all happens faster on the 6s. (You can see this side-by-side comparison in my video, above.)

The fingerprint reader is twice as fast now, too. If you’ve set up your phone to require unlocking every time you use it, you may come to cherish this feature most of all. When you press the Home button, the screen lights up so fast, you wonder if any authentication process took place at all. (It did.)

Apple also says that it has tuned both its Wi-Fi and its cellular (LTE) antennas to make them faster. This, too, is screamingly obvious when you call up Web sites side-by-side on the old and new phones. Who doesn’t like faster Internet?

[…]

At the outset, you’ll probably get tripped up when you try to rearrange icons on your Home screens. To do that, you may recall, you’re supposed to long-press an icon; for most people, that’s too similar to hard-pressing one. At first, you’ll keep getting the shortcut menu when you meant to enter icon-rearranging mode.

[…]

Ordinarily, you switch apps by double-pressing your Home button. But 3D Touch also offers a second way: Swipe in from the left edge of the screen while pressing hard.

At that point, you actually have three features at your disposal[…]

[…]

I’ve been taking lots of pictures in lots of lighting situations with the iPhone 6 and 6s side-by-side, and I can’t tell any difference. Can you?

[…]

This whole 3-second video business isn’t new. HTC’s version, back in 2013, was called Zoe; Nokia’s, last year, was called Living Images. Pocket cameras like the Nikon One have a dedicated button just for capturing them.

Matthew Panzarino:

Pressing lightly to ‘peek’ and pushing hard to ‘pop’ it into existence provides an escape hatch that eases your mind, and a new iOS 9 affordance injects a ‘back’ button at the top-left corner of any screen you jump to. iOS 9’s new task manager, accessed by a firm press on the edge of the screen (or the standard double-tap of the home button) is also arranged in a much more contextually rich card format — a timeline of your jumping around through apps.

[…]

As a tip, there is a setting inside Settings>General>Accessibility that will allow you to adjust the sensitivity thresholds of 3D Touch. This was doubtless to help people with motor skills or grip-strength issues use the feature. But I found that because I jump between apps and use my iPhone pretty ferociously, I wanted the actions to happen quicker (with a lighter press), so I turned it all the way up to its ‘most sensitive’ setting. Play with this if you have trouble triggering it or do it too much.

[…]

Live Photos are not really a new format. The images, which are accompanied by 3 seconds of video (split before and after your shot) are stored as a .jpg file on your iPhone. The video is a .mov file containing 45 frames that play back at around 15fps when you press and hold on an image. The whole package takes up roughly the space of two regular 12 megapixel images.

[…]

I was incredibly impressed by the differences in camera quality between the iPhone 6 Plus and the iPhone 6s Plus. It’s very, very noticeable and very welcome. The images aren’t over-sharpened because they don’t need to be — the detail is already there. The shots I took at night are pleasantly grainy, not so noise-reduced that they’re muddy blobby messes. The stabilization in the iPhone 6s Plus is still a very good reason for iPhone photographers to upgrade over the iPhone 6s — though both have ‘cinematic’ stabilization done in software.

[…]

Apple says its new Touch ID sensor is twice the speed of the one in the iPhone 6/6 Plus. I’m sure someone will try to measure it, but I think this one metric is enough: The new fingerprint sensor is so fast that you can no longer tap the home button to wake your screen, because it will unlock instantly.

See also: see the lists from iMore and Jason Snell.

Brotli

Zoltan Szabadka:

While Zopfli is Deflate-compatible, Brotli is a whole new data format. This new format allows us to get 20–26% higher compression ratios over Zopfli. In our study ‘Comparison of Brotli, Deflate, Zopfli, LZMA, LZHAM and Bzip2 Compression Algorithms’ we show that Brotli is roughly as fast as zlib’s Deflate implementation. At the same time, it compresses slightly more densely than LZMA and bzip2 on the Canterbury corpus. The higher data density is achieved by a 2nd order context modeling, re-use of entropy codes, larger memory window of past data and joint distribution codes. Just like Zopfli, the new algorithm is named after Swiss bakery products. Brötli means ‘small bread’ in Swiss German.

Previously: Zopfli, Apple’s new Compression library and LZFSE.

San Francisco Quotation Marks

Dr. Drang:

Given the overall look of San Francisco—and especially its commas—Gruber thought Verdana-style block quotation marks looked better. By the Apple Event on September 9, it was apparent that Apple agreed with him: San Francisco’s quotes are right again in the build of iOS 9 on the hands-on demo units.

A significant difference, though, is that while the early versions of San Francisco’s opening quotes were slanted down and to the right (like Verdana’s), the final versions are slanted down and to the left, just like its closing quotes. The only difference now between San Francisco’s opening and closing quotation marks is the tapering. The ticks of the opening quotes are fatter on the bottom, while the closing ticks are fatter on the top.

Update (2015-10-04): Khoi Vinh:

Of course, having such similar shapes for these glyphs can be a valid aesthetic choice for certain typefaces intended for certain kinds of usages. It just seems odd to me that San Francisco, which was custom designed for maximum legibility on digital devices, made this particular choice.

Akinori Machino (comments):

You can see the low legibility of Helvetica if you type texts in a small size and make them blur. Some texts become blended and hard to decipher.

[…]

This difference gives texts in SF Compact more margins between letters, resulting in high legibility in small devices like Apple Watch.

In addition, SF and SF Compact fonts are divided into two sub font families named “Text” and “Display”. This is what Apple calls “Optical Sizes”. The Text fonts are for smaller texts, and the Display fonts for bigger.

Update (2015-10-13): Nick Keppol:

The first way to compare the x-heights is to scale all of the typefaces to the same cap-height. This will give us the ratio of the x-height to the cap-height. If we use this metric for comparison, SF Compact and Verdana perform best, and DIN the worst.

[…]

Verdana and Lucida Grande have very open apertures avoiding becoming blurry at nearly all sizes. The bowl of the e does not curve back into the cross bar. It renders as a sharply defined aperture. These open apertures are one of primary traits of most screen fonts designed to be used at small sized or for low resolution displays.

Update (2015-10-23): Nick Keppol:

Unfortunately San Francisco has some of the same failings as Helvetica and Lucida Grande in mixed case settings. For example, it’s difficult to distinguish between the lowercase L and the capital i. To Apple’s credit though, they did take this into consideration with the vertical metrics. The ascender sits above the cap-height helping with mixed cased forms…just a little.

[…]

These optical cuts have unique adjustments made to the outlines of each glyph so they look best at their intended sizes. When the spacing differences between text and display are ignored and characters are overlaid directly on top of each other, you can see the differences in the glyph shapes.

[…]

Normally, punctuation sits on the baseline., however this looks off balance in time formats. Before San Francisco, you needed a few lines of code to fix this. More importantly, you had to remember to do it. San Francisco solves for this by having an alternate glyph with the colon aligned to the cap-heights optical center. The system switches to it automatically when it recognizes a time format. You can achieve the same thing in Photoshop by turning on the contextual alternates button in the Character palette, or by selecting the character from the Glyphs palette.

The Big Nerd Ranch Core Data Stack

Robert Edwards notes that the Nested Managed Object Context Pattern has some cons:

  • Slower than Shared Persistent Store Coordinator Pattern when inserting large data sets
  • awakeFromInsert being called on NSManagedObject subclasses for each context in the parent chain
  • Merge policies only apply to a context saving to a store and not to its parent context

[…]

Since saving an NSManagedObjectContext will only propagate changes up a single level to the parentContext, the Big Nerd Ranch Core Data Stack listens for save notifications and ensures that the changes get persisted all the way up the chain to your store.

You may sometimes need to perform large import operations where the nested context performance would be the bottleneck. For that, we’ve included a function to vend you a managed object context with its own stack newBatchOperationContext(setupCallback: CoreDataStackBatchMOCCallback). This follows the pattern outlined in Shared Store Stack Pattern.

Tuesday, September 22, 2015 [Tweets] [Favorites]

The Lost Apple Logos You’ve Never Seen

TheBrainFever (via John Gruber):

The way to tell it from other rainbow Apple logos is that the green top is a little thinner than it should be, and the “chin” (if you imagine the apple bite as a mouth) is a little fat.

[…]

From what I can tell, this was the first “public” version of the logo, used on initial print materials. The next version of the logo, the classic rainbow logo, was used for the computer badges, but remained in some print production materials.

[…]

I always called that typeface the “stormtrooper” font when I was a kid. I was bit deflated later on when I learned it’s real name was Motter Tektura.

Twitter and Universal Links

Federico Viticci:

Available for devices running iOS 9, Universal Links are regular HTTP links that, when tapped, will open the relevant view in a native app instead, with an option to view in Safari. Universal Links are safe, shared across platforms, and they can only be enabled by apps that have associated websites.

[…]

As I noted in my iOS 9 review, third-party Twitter clients won’t be able to take advantage of this integration as only associated app domains (in this case, twitter.com) can verify their iOS app. Even if you don’t use Twitter’s app for iOS, I would recommend keeping it installed if only for the better experience of automatically opening Twitter links from Messages, Mail, and other apps in the native client instead of the website.

Paul Haddad:

Disappointed with Apple’s implementation of Universal Links. IMO should be fully client based and let users choose which apps to open.

Update (2015-09-22): Apple engineer Jonathan Grynspan suggests that Twitter could support third-party clients via the apple-app-site-association file. Based on my understanding of how universal links work, this would not be a good solution (and I doubt Twitter would do this, anyway). But I may be missing something. He refers questions about this to Jonathan Davis.

Jonathan Davis:

Twitter is the authoritative owner of their links. If they want to allow third-party apps, it’s up to them.

Jonathan Grynspan:

App ordering in the JSON file is respected when using arrays, so (if a site wants) they could prioritize third-party clients.

XcodeGhost

Apple (comments):

We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.

John Gruber:

They didn’t attack the App Store itself, instead, they created a hacked version of Xcode that seems to work as expected but inserts the malware payload into the apps it compiles. Why in the world would developers download Xcode from a source other than Apple? Because China’s internet speeds are so slow (and Xcode is a multi-gigabyte download).

Joe Rossignol:

Palo Alto Networks has shared a full list of over 50 infected iOS apps, including WeChat, NetEase Cloud Music, WinZip, Didi Chuxing, Railway 12306, China Unicom Mobile Office and Tonghuashun.

[…]

iOS apps infected with XcodeGhost malware can and do collect information about devices and then encrypt and upload that data to command and control (C2) servers run by attackers through the HTTP protocol.

Joseph Cox:

Apple has now removed over 300 pieces of software from the App Store, after malware that targeted developers managed to create infected iOS apps. On top of that, it looks like the apps are more dangerous to Apple customers than previously thought.

[…]

But according to findings from one researcher, and then built upon by Xiao, the infected apps are also capable of receiving commands from the attacker. These commands can apparently allow a hacker to read and write data to the victim’s clipboard, open specific URLs, or prompt a fake alert on the victim’s screen. Some of these could be used to steal passwords, Xiao claims.

So much for the idea that App Review protects us from malware.

Previously: The CIA’s Xcode.

Update (2015-09-22): Dan Goodin:

This isn’t the first time a malicious app has made its way into the App Store, since there are a handful of other times bad titles have been found. Still, the number of infections and of the iOS users potentially affected appeared to be highly unusual, if not unprecedented. What’s more, Chinese firm Qihoo360 Technology, reportedly has said the number of affected apps is much bigger than originally reported, with a total of 344.

The list of infected apps includes some of the most popular apps in China, including the ride-hailing app Didi Kuaidi. WeChat, which has some 500 million users, was also affected, although the infection was limited only to version 6.2.5. People using version 6.2.6 and later aren’t affected, the chat developer said in a blog post.

Rosyna Keller says that XcodeGhost does not prompt for passwords.

Claud Xiao:

In the current version of the code, XcodeGhost cannot be directly used to phish iCloud passwords. However, by changing a few simple lines of code, it can do that.

Apple:

We’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords.

Update (2015-10-04): Rainer Brockerhoff:

Needless to say, the new version of RB App Checker Lite also detects the added frameworks and warns: “3 frameworks are suspect: they use system names but are NOT signed by Apple!”.

[…]

Therefore, unless you check the entire app contents with GateKeeper, RB App Checker Lite (or even the codesign command-line utility), it will be humanly impossible to pick out visually — by inspection in the Finder — if anything has been changed inside Xcode. So keep GateKeeper turned on! One suggestion Apple should implement is running GateKeeper tests for Apple-signed software even if GateKeeper has been deliberately disabled.

Saturday, September 19, 2015 [Tweets] [Favorites]

How to Turn iOS 9’s Keyboard Back to All Caps

John Gruber:

The main argument I’ve seen in favor of this change holds no water: that this is the solution to iOS 7’s is-it-on-or-is-it-off? Schrödinger’s Shift Key. The proper solution to an ambiguous Shift key is to replace it with an unambiguous Shift key. The lack of case shifting on the keyboard was not a problem on iOS 1-6 because the Shift key on the old keyboard was unambiguous. Whether you prefer a case-shifting keyboard or not, the Shift key should be unambiguous. These are two different things.

The good news is, Apple did improve the Shift key on iOS 9. When not engaged, the arrow glyph on the key cap is now hollow. When Shift is engaged, the key turns white and the arrow is solid black. With Caps Lock on, the arrow gets an underscore.

Update (2015-10-04): Rosyna Keller notes that the Mac System 1.1 software keyboard changed the case of the keys.

Riccardo Mori notes that the iOS 9 display of keyboard shortcuts mirrors the Newton’s.

Eli Schiff (comments):

With the release of iOS 9, there have been a variety of changes to the software keyboard. Unfortunately, none of them have addressed the fundamental problems of its visual design, as much as pundits might claim otherwise.

Peace iOS 9 Content Blocker

Marco Arment:

Today, I’m launching my own iOS 9 content blocker, called Peace, to bring peace, quiet, privacy, and — as a nice side benefit — ludicrous speed to iOS web browsing.

There are a lot of content blockers being released today, but Peace strikes the best balance I’ve seen between effectiveness, compatibility, simplicity, and speed, powered by what I’ve found to be the best database in the business after months of testing. And it’s just $2.99.

Marco Arment:

I was therefore faced with a decision about The Deck. I had to either:

  • Omit The Deck from Ghostery’s database, carving out an exception for the advertiser used by me and many of my friends.
  • Enforce Ghostery’s database consistently, potentially angering my own site’s advertiser and my friends who use it.

Marco Arment (tweet, comments):

I’ve pulled Peace from the App Store. I’m sorry to all of my fans and customers who bought this on my name, expecting it to be supported for longer than two days. It’ll keep working for a long time if you already have it, but with no updates.

[…]

As I write this, Peace has been the number one paid app in the U.S. App Store for about 36 hours. It’s a massive achievement that should be the highlight of my professional career.

[…]

I still believe that ad blockers are necessary today, and I still think Ghostery is the best one, but I’ve learned over the last few crazy days that I don’t feel good making one and being the arbiter of what’s blocked.

John Gruber:

Actually, I tried to talk him out of doing this. Seriously!

I think content blockers should block “crap”, not “ads”, and The Deck is not crap.

Marco Arment:

I’m giving it to [Ghostery].

Dave Mark:

I’ve tested all of these (visiting some specific ad-heavy pages), except where noted, and they all improve the mobile Safari experience. They are all free or relatively inexpensive. I suspect they’ll all evolve over time, as advertisers find ways to bypass content blockers and blockers update as they learn.

John Gruber:

Note that Hide & Seek has nothing to do with “blocking ads”. It is simply about maintaining your privacy and anonymity while using Google and Bing for web search. In my testing, it works like a charm.

Nick Lockwood:

Surely if ad blockers take off, sites will just start proxying the ads they display so they appear to come from same domain as the content?

Update (2015-09-22): Matt Henderson:

So what’s Arment to do when the email arrives from the guy in Brazil saying, “Hey, you whitelisted The Deck. Can you whitelist this Brazilian ad network as well? I know you can’t read the language, but take my word for it — it’s not crap either.” And then the request from Turkey. And then the request from China.

Marco Arment (tweet, comments):

Apple notified me this afternoon that they’ll be proactively refunding all purchases of Peace.

John Gruber:

@cabel Agreed, I was wrong. I knew the [Deck] network itself has never done cookies, but didn’t know a few advertisers had been granted exceptions.

Update (2015-09-25): There is more discussion on the Accidental Tech Podcast.

iOS 9 Reviews

Bank of America Adds Touch ID Support

Bank of America:

Use Touch ID or your fingerprint to securely sign in to your Mobile Banking app1. Skip typing in your Passcode on your mobile device and enjoy the quickest, simplest way to sign in.

Finally.

On Demand Resources and Games

David Owens II:

On-demand resources is fine for some classes games. However, this is not true for games like XCOM. The desktop version of this game clocks in at 20GB (Enemy Within). There is no amount of tagging, stripping, or slicing that is going to get a company like Firaxis Games to deliver a desktop quality game on Apple’s supposed desktop class hardware because desktop (and console) quality games are bigger than 2GB.

[…]

It’s decisions like this and the game controller decision (which is a fascinating case of stealth documentation changes) that tell me Apple just doesn’t care to really enable high-quality gaming on tvOS. Instead, companies are going to basically bringing their iOS versions over, which I find so disheartening. Especially since disk space is so cheap these days; put a 1TB fusion drive in the device and charge $50 more or stop teasing us with actually making the iOS and tvOS platforms a contender for more than just casual games.

Friday, September 18, 2015 [Tweets] [Favorites]

Objective-C Is Our Generation’s COBOL

Drew Crawford (tweet):

Sometime this year, probably right around now, Swift will surpass ObjC in search traffic. The number of people trying to google some Swift question will be greater than the number of people googling some ObjC question. Around now. Not next year, not when you’re planning your next major version and might have more time to think about porting a few classes. Right now.

[…]

Pretty much every new iOS developer I talk to is learning Swift. Not ObjC. Not Swift and ObjC. Just the Swift.

[…]

Your ObjC codebase isn’t going to go away. Just the people willing to work on it. Sorry.

My first reaction is to point out that of course there’s more search traffic for a language that’s new, in flux, and much more complex than its predecessor. That said, it’s quite possible that we have reached Peak Objective-C.

I’m having a good experience with Swift so far. It fixes so many things that have long annoyed me. There are certainly problems with Swift, but Apple is working at an impressive pace to address them. I do worry a bit that using Swift is going to paint me into a corner. Crawford writes:

Swift is essentially a superset of ObjC. Other than a few weird trivia questions (#pragma pack anyone?) you can do everything in Swift that you can in ObjC, and much, much, more.

This is mostly true, and you can migrate code piecemeal, but it does seem like there’s a point of no return. First, you cannot subclass a Swift class in Objective-C. Second, it doesn’t interoperate with C++. Third, Apple doesn’t really talk about it, but the bridge for Objective-C and Swift strings and collections is not toll-free. There seems to be overhead in just passing bridged objects back and forth between the two languages. This is probably not a problem in most cases, but it’s not clear to me what you can do if this bites you.

This is more a problem with Swift interoperating with Cocoa than with Swift the language. But if you’re writing an app, working well with Cocoa is what matters.

Ben Sandofsky:

I’m bullish about Swift, but it’s nuts to port a large, mission critical app to it, today.

Andy Matuschak:

This is a pretty accurate analysis. Having been an early patient, I can report mixed outcomes and excitement about the future.

Tim Burks:

I’m aware of two projects, one at a startup and one at a big big company, that were rewritten in ObjC after starting in Swift.

Ben Sandofsky:

Every new line of Objective-C you write today is technical debt in a Swift world.

Update (2016-03-22): Joris Kluivers:

Had to revert back to Objective-C for a delegate implementation. NSDictionary -> Swift Dictionary conversion for a param didn’t perform well

Facebook “Like” Button Tracking

Kashmir Hill (tweet):

Four years ago, Facebook promised that the “Like” buttons that had sprung up on non-Facebook sites all around the web wouldn’t be used to track users. In 2011, Facebook said, “No information we receive when you see social plugins is used to target ads; we delete or anonymize this information within 90 days, and we never sell your information.”

[…]

Now, every time you visit a site or use an app that has a Facebook “Like” or “Share” button, data about your visit will be captured and fed into Facebook’s advertising algorithm, even if you don’t actually click on the buttons. Millions of sites use Facebook’s off-site buttons, including many popular news sites, e-commerce sites, and, yes, adult entertainment sites.

Bitcode Breaks 3rd-Party Crash Reporters

HockeyApp (via Landon Fuller and Andreas Linde):

It is currently not possible to support crash reports from builds using Bitcode. When uploading an app to the App Store and leaving the “Bitcode” checkbox enabled, Apple will use that Bitcode build and re-compile it on their end before distributing it to devices. This will result in the binary getting a new UUID and there is no way to download a corresponding dSYM.

Swift 2 Generic Support for @objc Protocols

Joseph Lord (via Swift Sandbox):

Just had a response to a radar (thanks Apple Swift team) that you can now implement Objective C protocols with generic Swift classes. This means that you can make typesafe and composable classes to do much of the work for many UI objects without ugly wrapping code and indirection.

Wednesday, September 16, 2015 [Tweets] [Favorites]

Fixing Garbled Fonts on Apple Support Pages

Adam C. Engst:

We refer to a lot of Apple support pages (such as this one about iCloud pricing), and recently some of us started seeing them appear garbled, with overlapping characters in the title, and rendered weirdly such that we sometimes had to scroll right even to see the text at all. This didn’t happen to everyone, and it could occur (in slightly different ways) in all three major Web browsers: Safari, Google Chrome, and Firefox. Even more confusing, some of us had the problem in Safari but not in Chrome, whereas others saw it in Chrome but not Safari. Maddening!

[…]

The tip Michael found pointed out that the problem could be eliminated in Safari with a particular setting. Just open Safari > Preferences > Advanced and deselect “Never use font sizes smaller than.” It’s quite striking — just toggling that checkbox while that page is open reformats it completely.

jpd:

The root cause is the CSS - two odd things:

  1. html { font-size: 1px; }
  2. h1 { letter-spacing: -1rem; }

the “rem” measurement is CSS3, so fairly new, and setting “letter-spacing” to a negative value is strange. But it's the combination of the 1px default with the negative line-spacing that causes the problem.

Thanks to Brent Simmons for figuring this out last week.

Tuesday, September 15, 2015 [Tweets] [Favorites]

Parsing Mach-O Files

Alex Denisov:

Mach-O doesn’t have any special format like XML/YAML/JSON/whatnot, it’s just a binary stream of bytes grouped in meaningful data chunks. These chunks contain a meta-information, e.g.: byte order, cpu type, size of the chunk and so on.

Typical Mach-O file (corresponding to the official documentation) consists of a three regions[…]

[…]

OS X doesn’t provide us with any libmacho or something similar, the only thing we have here - a set of C structures defined under /usr/include/mach-o/*, hence we need to implement parsing on our own. It might be tricky, but it’s not that hard.

Microsoft Excel 2016 for Mac Keyboard Shortcuts

Rows and Columns

Select Current Row
Shift-Space
Select Current Column
Control-Space
Insert Row Above
(Shift-Space,) Control-Shift-= [was Control-I in Excel 2011]
Insert Column Left
(Control-Space,) Control-Shift-= [was Control-I in Excel 2011]
Delete Row
(Shift-Space,) Control-Hyphen
Delete Column
(Control-Space,) Control-Hyphen
Hide Column
Control-)
Unhide Column
Control-Shift-)
Hide Row
Control-(
Unhide Row
Control-Shift-(
AutoFit Multiple Columns
Select columns and double-click divider
Resize to Equal Columns
Select columns and drag one divider
Move/Reorder Columns
Select the columns to move. Move the cursor to the lower left corner of the column header so that it changes to a hand. The header corner must the slightly above the center of the cursor (not the corner where the tip of the arrow would be). Hold the Shift key and drag and drop the column.

Multiple Cells

Fill Right
Control-R
Fill Down
Control-D
Clear Cells
Forward Delete (fn-Delete)
Create Table
Command-T
Group Cells
Command-Shift-K
Ungroup Cells
Command-Shift-J

Cell Formats

Format Cells Dialog
Command-1
Format Number General
Control-~
Format Number With Thousands
Control-Shift-1
Format Time
Control-Shift-2
Format Date
Control-Shift-3
Format Currency
Control-Shift-4 ($)
Format Percentage
Control-Shift-5 (%)

Cell Borders

Toggle One Border
Command-Option–Arrow Key
Add All Borders
Command-Option-0
Remove All Borders
Command-Option-Hyphen

Cell Editing

Enter Edit Mode
Control-U
Move Insertion Point to Beginning
Home (fn–Left Arrow)
Move Insertion Point to End
End (fn–Right Arrow)
New Line in Same Cell
Control-Option-Return
Toggle Formulas/Values Shown
Control-`
Define Name
Control-L
Enter Current Date
Control-;
Toggle Formula Reference Style
Command-T or F4 (with the reference selected)
Type Number as Text Format
Prefix with '

Sheets

Next Sheet
Control-Page Down
Previous Sheet
Control-Page Up
Scroll to Selected Cell
Control-Delete

Source: Microsoft Excel Keyboard Shortcuts. Contrast with Numbers Keyboard Shortcuts.

Previously: Microsoft Excel 2011 for Mac Keyboard Shortcuts.

Monday, September 14, 2015 [Tweets] [Favorites]

Subscription iPhones

Benedict Evans:

However, a big shift in the mobile business in the last few years has been to unbundle the ‘subsidy’ from the contract into a separate installment plan, making the price much more transparent to the user. There was a widespread narrative that this would damage the high-end of the market (partly Samsung but mostly Apple), but this doesn’t seem to have happened at all.

However, shifting to an installment plan model does introduce a couple of interesting new dynamics.

First, unbundling the installments from the contract has often meant that the upfront cost of the phone goes away. Instead of paying (in the USA) $200 up front for a new iPhone, you pay zero. All things being equal, the monthly payments are therefore higher than the old subsidy that was embedded in the monthly phone contract, but it’s now two separate fees, the service part is now cheaper and the increased monthly installment/subsidy element is directly linked to ‘get a cool phone for zero up front’, so it may be easier to swallow.

[…]

So what happens to the old phones? When you take that upgrade, you have to hand in your old one. They go into the secondary market, which is rather the dark matter of the industry - we know it must be large and we can get some sense of that from survey data, but we don’t have a solid number. One illuminating data point is the fact that for the last several years the number of iPhones that seem to be in China (if you look at data from companies like Baidu) has been rather larger than the number of iPhones that Apple’s financial reporting implies could have been sold there. Second-hand closes some of the gap.

[…]

The really golden conversion is someone who was buying a new phone every two years (and probably not selling the old one). Now, instead of $650 over 2 years for the base model, they pay $778 and the previous years’ phones can be sold for another (say) 2x$350.

System Integrity Protection Documentation and Bugs

System Integrity Protection Guide (PDF):

This document covers the key concepts of System Integrity Protection and explains the implications it has on the design and capabilities of apps.

Via Rich Trouton (tweet), who has filed two bugs:

SIP’s protection of /System affects XProtect’s XProtect.plist and XProtect.meta.plist configuration files as they are stored in the following location inside /System:

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

As the XProtect configuration files will be locked against editing on OS X El Capitan, this means that they can no longer be managed to allow older versions of the Flash and Java browser plug-ins to run.

Pike has posted the man page for the new csrutil configuration tool. The “status” command lets you programmatically detect whether System Integrity Protection is enabled.

Apple:

Note: To safeguard against disabling System Integrity Protection by modifying security configuration from another OS, the startup disk can no longer be set programmatically, such as by invoking the bless(8) command.

Previously: System Integrity Protection (a.k.a. Rootless).

Update (2015-09-22): Rich Trouton:

This allows SIP’s configuration to persist across OS installs, but this design choice also means that resetting NVRAM will cause SIP to reset as well. In my testing, this reset will result in the following SIP configuration:

Update (2015-10-07): Gus Mueller:

“Message from debugger: cannot attach to process due to System Integrity Protection”. So much for debugging Automator actions in 10.11.

Update (2015-10-08): Rich Trouton:

To see which files have been protected by SIP, use the ls command with the capital O flag in Terminal[…]

[…]

SIP’s protections are not limited to protecting the system from filesystem changes. There are also system calls which are now restricted in their functionality.

  • task_for_pid() / processor_set_tasks() fail with EPERM
  • Mach special ports are reset on exec(2)
  • dyld environment variables are ignored
  • DTrace probes unavailable

[…]

It is also possible to enable SIP protections and selectively disable aspects of it, by adding one or more flags to the csrutil enable command. All require being booted from Recovery in order to set them[…]

Problems With iOS’s Flat Design

Amy Hoy:

But a little faux leather isn’t the problem. The problem is deeper:

  • misusing metaphors (e.g. turning buttons into links)
  • eliminating the only affordances that software can have — visual affordances
  • using fake physical metaphors for interactions, such as using “wheels” for data entry
  • eliminating information hierarchy – homogenizing spacing and typography, for “visual tidiness”
  • giving all types of interface widgets the same visual appearance
  • reusing the same interaction design for click UIs (on 13″-27″ screens) and touch UIs (on 5″ screens)
  • tiny tap or click targets with invisible boundaries
  • software and icons that all look the same

And these mistakes are especially galling because they’re exactly the kind of thing that Apple themselves used to rail against.

Nick Heer:

Here’s the thing: the Apple that Hoy describes hasn’t existed for a very, very long time. Beginning around the introduction of OS X, Apple stopped following the HIG so strictly and started experimenting.

[…]

I include these examples not to say that Hoy is wrong in her criticisms of recent iOS interface design, but to point out that the HIG was something that was frequently about aesthetics and trends. iTunes 5’s UI wasn’t a smooth grey because of research and interaction; it was because brushed metal stopped being trendy and started to look kind of, uh, bad. “Unified” windows in Tiger did not have a consistent use-case defined by the HIG, either.

[…]

The problems with iOS’ UI aren’t because it doesn’t follow the HIG. It rewrote the HIG, establishing even greater consistency between apps.

Learning Lessons The Hard Way

Code Climate:

Around this time we began a process of re-running old analyses that had failed, and were able to reproduce the issue. This was a critical learning, because it refuted the theory that the issue was ephemeral. With this information, we took a closer look at the objects in the analysis-level cache. We discovered that these marshaled Ruby objects did not in fact hold a reference to the contents of files as we originally believed. Problematically, the object held a reference to the Git service URL to use for remote procedure calls.

When a repository was migrated, this cache key was untouched. This outdated reference led to cat-file calls being issued to the old server instead of the new server. Ironically, we’ve now determined that since the cached Ruby objects did not include the Git blob data, it never generated a performance benefit of any kind. Significantly contributing to the difficulty of debugging this issue, the library we use to read Git repositories in our git service returns empty strings if the repository directory does not exist on disk, rather than an exception. Armed with a root cause -- caches containing invalid service URLs -- we discovered one other call site that could exhibit similar problematic behavior.

Via Soroush Khanlou:

The everpresent joke in computer science says there’s two hard problems: naming and cache invalidation. When I was starting out, I remember thinking “ha ha, there’s no way cache invalidation could be that hard”. Fast forward a few years, and while I’ve learned a few lessons of my own about bad caches, reading Code Climate’s incident report for a major issue made me understand on a far deeper level what it means for cache invalidation to be hard. Lesson learned, bon mot deployed.

Backdooring JavaScript Using Minifier Bugs

yan (@bcrypt) (via Hacker News):

The coolest article I’ve read so far in it is “Deniable Backdoors Using Compiler Bugs,” in which the authors abused a pre-existing bug in CLANG to create a backdoored version of sudo that allowed any user to gain root access. […] That got me thinking about whether you could use the same backdoor technique on javascript. JS runs pretty much everywhere these days (browsers, servers, arduinos and robots, maybe even cars someday) but it’s an interpreted language, not compiled. However, it’s quite common to minify and optimize JS to reduce file size and improve performance. Perhaps that gives us enough room to insert a backdoor by abusing a JS minifier.

[…]

So if we can trick the minifier into erroneously applying De Morgan’s law, we can make the program behave differently before and after minification! Turns out it’s not too hard to trick UglifyJS 2.4.23 into doing this, since it will always use the rewritten expression if it is shorter than the original. (UglifyJS 2.4.24 patches this by making sure that subexpressions are boolean before attempting to rewrite.)

[…]

The backdoor examples that I’ve illustrated are pretty contrived, but the fact that they can exist at all should probably worry JS developers. Although JS minifiers are not nearly as complex or important as C++ compilers, they have power over a lot of the code that ends up running on the web.

Sunday, September 13, 2015 [Tweets] [Favorites]

Electronic Arts’s Recent App Store Removals

Eli Hodapp (via Steven Frank):

If you were going to put together a list of truly classic iOS titles, and both Flight Control and Real Racing weren’t on it, you’d have some explaining to do. Sadly, it seems as of about ten days ago, the only place those games will exist anymore is in ancient reviews and YouTube trailers. As accidentally spotted by Shaun last night, while looking for something else, EA has removed the following games from the App Store[…]

Steven Frank:

We don’t know for sure, but presumably EA pulled the games because they’re not compatible with the latest version of iOS, and it’s not financially sound to provide an update.

[…]

These were arguably historically significant titles, and there is no official mechanism to archive them for preservation.

Maybe it seems silly — they’re “just” games after all, right? But now the only source of these binaries is DRM-laced copies that someone happened to purchase and download.

Amazon Web Services in Plain English

Michael Buckbee (via Nicole Hemsoth, comments):

EC2 should have been called Amazon Virtual Servers

[…]

RDS should have been called Amazon SQL

[…]

Cloudfront should have been called Amazon CDN

Computer Science Courses that Don’t Exist, But Should

James Hague (comments):

CSCI 3300: Classical Software Studies

Discuss and dissect historically significant products, including VisiCalc, AppleWorks, Robot Odyssey, Zork, and MacPaint. Emphases are on user interface and creativity fostered by hardware limitations.

CSCI 4020: Writing Fast Code in Slow Languages

Analyze performance at a high level, writing interpreted Python that matches or beats typical C++ code while being less fragile and more fun to work with.

Adrian Frutiger, RIP

Adam Twardoch:

Frutiger had influenced the 20th century’s European and world typography like no other, with the possible exception of Hermann Zapf who died just three months earlier. Adrian Frutiger’s most famous typefaces (Univers, Frutiger, Avenir) embody “sophisticated modernism” in the best possible way: he managed to distill the essence of the Latin letter and reduce its formal language to the minimum, yet he never crossed the barrier of naive geometry or reduction for its own sake. Utility and legibility came always first. Frutiger’s alphabets were never forcibly individualistic. His trademark was the careful balancing of shapes and the understated beauty of his seemingly simple forms. For several decades, Adrian Frutiger remained a typographic innovator, never shying away from most difficult challenges, such as the world’s first comprehensively planned typeface family Univers, the Roissy/Frutiger family that forever changed the notion of signage and legibility, his OCR-B alphabet, or the ultra-compact yet highly readable Vectora.

Wikipedia:

Frutiger disliked the regimentation of Futura, and persuaded Peignot that the new sans-serif should be based on the realist (neo-grotesque) model. The 1896 face, Akzidenz Grotesk, is cited as the primary model. To maintain unity across the 21 variants, each weight and width, in roman and italic, was drawn and approved before any matrices were cut. In the Univers font, Frutiger introduced his two-digit numeration; the first digit (3 though 8) indicates the weight, “3” the lightest, “8” the heaviest. The second digit indicates the face-width and either roman or oblique. The response to Univers was immediate and positive; he claimed it became the model for his future typefaces: the slab serif Serifa (1967) and Glypha (1977) are based upon it.

Wikipedia:

In designing the typeface’s predecessor Roissy, Frutiger’s goal had been to create a sans-serif typeface with the rationality and cleanliness of Univers but the organic and proportional aspects of Gill Sans. Frutiger: “What was important, was total clarity – I would even call it nudity – an absence of any kind of artistic addition.”. Designing Frutiger as a print version of Roissy, this principle resulted in a distinctive and legible typeface. The letter properties originally suited to the needs of Charles de Gaulle: a modern appearance and legibility at various angles, sizes, and distances. Ascenders and descenders are very prominent, and apertures are wide to easily distinguish letters from one another.

MyFonts has some samples of his work. The eponymous Frutiger typeface has been a favorite of mine since college.

Update (2015-09-25): swissinfo.ch (via John Gruber):

He was one of the few typographers who worked with hot metal, photographic and digital typesetting during his long career.

[…]

In Switzerland, he is best known for ASTRA-Frutiger, which has been used for Swiss road signs since 2003. ASTRA-Frutiger was designed to give the eye a better hold and be clear and highly legible at a distance or using small text sizes.

Saturday, September 12, 2015 [Tweets] [Favorites]

tvOS and the New Apple TV

Daniel Jalkut:

As announced in the special event yesterday, the SDK is based on iOS and will be very familiar to most Apple platform developers. There are, however, some differences: functionality from iOS frameworks that is not available on tvOS, as well as a handful of new frameworks specifically suited to the needs of “TV apps.”

[…]

The results [for __TVOS_PROHIBITED] are a doozy! But many of the marked items simply wouldn’t make sense on Apple TV, like mucking with the UIStatusBar, are marked as prohibited. There are other tags too, such as __TVOS_UNAVAILABLE, which presumably denotes that technologies that Apple would like to provide but hasn’t yet, and __TVOS_DEPRECATED, which blessedly does not yet match any API provided in the tvOS SDK.

Daniel Pasco:

Webviews are the duct tape of the mobile world. I’d estimate that 50% to 80% of the major apps out there use webviews somewhere within their apps. Apple’s Mail app uses webviews for for your email messages, because webviews can style and render the content very efficiently.

[…]

For a lot of companies, the absence of webview support on tvOS is going to be painful. It’s going to require custom rewrites of those those web-based widgets and views in either native code or TVML, just to support the AppleTV.

Daniel Jalkut:

This is a big deal, and many people see it as a wise choice on Apple’s part: by forbidding the use of web technology, they will encourage app developers to design natively for Apple TV. On iOS, by comparison, a large number of “native apps” that are downloaded from the App Store are in fact only thin wrappers around the same interactive web content that a user would see if they navigated to the company’s site in a browser. Forbidding web views on Apple TV all but guarantees that companies will provide a more tailored experience, designed in the spirit of Apple’s guidelines.

But forbidding web content outright will also be an unnecessary impediment to many developers whose apps are either tastefully implemented with the help of web technology, or whose core functionality is to deliver content — not web sites, mind you — that happens to be formatted with HTML.

Michael Bachand and Adam Michela (via Blake Seely):

The tvOS interaction paradigm presents a unique challenge to developers and designers alike. The new Apple TV pairs a trackpad-like remote with a UI lacking a traditional cursor. As a result, “focus” is the only means by which an app can provide visual feedback to its user(s) as they navigate.

[…]

The focus engine will automatically initiate focus updates at appropriate times like app launch or when the currently focused view is removed from the view hierarchy. Developers can also request focus updates, but any requests must be issued through the focus engine. Since only the focus engine can update focus, it’s here that the focus engine most literally takes on the role of bridgekeeper.

[…]

When an update cycle begins, the focus engine queries the initiating focus environment for its preferredFocusedView. If this view is non-nil and focusable, the focus engine will attempt to give that view focus by issuing the aforementioned notification events through the focus responder chain.

Update (2015-09-12): Daniel Jalkut:

Granted, this is a far cry from a fully-functional web view. I’m sure it won’t serve the needs of all developers who currently rely upon UIWebView or WKWebView, but I expect that in some cases it will be a valuable workaround to the otherwise total omission of support for rendering HTML on Apple TV.

Update (2015-10-04): Benjamin Mayo:

The Apple TV is launching later in October but many of the details about the device remain under wraps. At the announcement, Apple announced that the Apple TV Siri universal search feature will include data from iTunes, Netflix, Hulu, Showtime and HBO. Many had hoped that Apple would be more open with this feature, allowing Siri to incorporate data from third-party services without requiring a special Apple partnership. In a move that will please many, Tim Cook has announced that Apple will offer an API for universal search, after all, via an interview with Buzzfeed.

Now Allowed to Launch Apps From Today Widgets

Steven Sande (in 2011):

Although the Launch Center app works identically to Quickpick, David Barnard of App Cubby just notified me that the app was turned down. The note he received: “We noticed that your app included inappropriate use of Notification Center, which does not comply with the iOS Human Interface Guidelines.”

David Barnard:

I’m thrilled to announce @LaunchCenterPro 2.5 will be released Tuesday with a widget and support for over 100k apps!

After first being rejected for using Notification Center to launch apps in 2011, it’s hard to express how happy this release makes me.

Update (2015-09-16): Juli Clover:

With the new Notification Center widget, it's possible to add twelve of your favorite Launch Center Pro actions for quick and easy access. You can do things like call a specific person, add an event to a favorite calendar app, get directions home, scan a QR code, send a group text, and more directly from the Notification Center.

Your App Is Collection of Tiny Details

Jeff Atwood (quoting Wil Shipley, via Ole Begemann):

These are, to be sure, a bunch of dumb, nitpicky details. Did the old version feed our cats reliably? Yes, it did. But it was also a pain to clean and maintain, a sort of pain that I endured weekly, for reasons that made no sense to me other than arbitrarily poor design choices. But when I bought the new version of the automated feeder, I was shocked to discover that nearly every single problem I had with the previous generation was addressed. I felt as if the Petmate Corporation™ was actually listening to all the feedback from the people who used their product, and actively refined the product to address our complaints and suggestions.

[…]

Getting the details right is the difference between something that delights, and something customers tolerate.

AirPlay Overhaul for iOS 9

Jordan Kahn:

While the changes won’t affect app developers simply using AirPlay APIs for offering users the ability to stream from within an app to an AirPlay device like an Apple TV, it will break many screen mirroring apps that tap into the AirPlay protocol for screen sharing like Reflector. The apps that are often used in education, enterprise, and within the tech world for things like screen recording and display mirroring to devices not supported by Apple.

Though developers of screen mirroring and streaming apps piggybacking on the protocol will have to implement workarounds to avoid issues with the changes in iOS 9, the overall changes appear to be a move by Apple to vastly improve device pairing and in the process improve the overall AirPlay experience across devices.

Friday, September 11, 2015 [Tweets] [Favorites]

Apple/Google Hiring Lawsuit Finally Settled

John Ribeiro:

A court in California has approved a $415 million settlement between tech workers and Intel, Google, Apple, and Adobe Systems, who were accused of conspiring to prevent the poaching of each other’s employees.

The final approval has, however, reduced significantly the sums to be paid to lawyers and the class representatives who had initiated the court action.

Previously: Apple/Google Hiring Lawsuit, Settled.

Update (2016-03-18): Ashley Nelson-Hornstein:

Cook uses the book as a platform to defend his friend against Isaacson’s portrayal. In fact, there are two full pages of consecutive quotes that read like a soliloquy, without narrative structure. A curious moment also occurs when Cook explains Jobs’ part in the lawsuit against Silicon Valley companies, for their secret and illegal agreement not to poach senior employees from one another. Cook says in part “…I don’t think he was thinking about saving any money. He was just very protective of his employees.” I was surprised to hear such a patriarchal sentiment from the CEO of Apple.

Lyft Goes Swift

Harry McCracken:

A bit over a year after Apple’s announcement, it was ready with an all-Swift version of Lyft. The company believes that it’s the largest app to make the move, both in terms of lines of code and number of users.

[…]

By June, nearly every iOS developer was working in Swift; on average, it took two or three weeks for any given engineer to be up, running, and comfortable.

[…]

Swift code was also far more compact than Objective-C, which made it easier to understand and manage. Over the years, the original version of Lyft had ballooned to 75,000 lines of code. By the time the company was done recreating it in Swift, they had something that performed the same tasks in less than a third of that.

[…]

“One of the challenges of doing something like this is, you don’t really have a viable gradual rollout strategy for iOS,” says Lambert. “Android has a little bit of a leg up there, where you can do a 1%, a 5%, a 10% rollout. With iOS, basically, it’s live or it’s not, which puts a lot of the burden on the engineering team. Everyone who has auto-update turned on on their phone will have it within an hour.”

Macworld UK Ends Print Magazine

Karen Haslam (via Jon Seff):

It's sad to wave goodbye to a medium that's in our hearts, but with Macworld.co.uk now the most viewed Apple-focused media website in the world we think it's time to retire the print edition so the team can focus entirely on digital.

But this isn't the end of Macworld as a magazine. Far from it. None of your award-winning Macworld editorial team is leaving and the good news is that in addition to keeping the website up-to-date with news, the team will continue to produce Macworld magazine as a digital edition, available to read on your iPad.

I’m not sure I believe the “most viewed” claim. In any case, it’s good that, unlike with the US Macworld, no one is being laid off.

Getting a New iPhone

John Gordon:

Among other issues, Apple has longstanding problems with their customer identity infrastructure and how it intersects with their device registration, DRM rules, and messaging systems. Under iOS 8, for example, there appear to be 4-5 different authentication channels for Apple products even when a user has only one AppleID.

Which is why, in the course of moving the kid’s iPhones around, I made a list of the steps I take when deactivating an old iPhone (for sale, disposal, or migration to the backup stack).

Derek Kessler:

The complication comes from AT&T naming the plans with numbers that don’t match the months you’re paying — they’re the number of months after which you can trade in for an upgrade So while the Next 12 plan divides your payments over 20 months, you’ll be eligible to trade in for an upgrade after 12 months. See? Not that confusing.

[…]

With all Next upgrades it’s a trade-in — it’s rent-to-own. You’re paying equity into the phone, and you can trade it in for a new phone partway through, or you can keep paying and in the end the phone is yours.

[…]

A 2-year contract will cost about $50 more [than Next] over the long haul, but that the phone is still yours at the end after putting $500+ into it makes the old way of doing things mighty tempting.

  • If you plan to update your phone frequently, purchase on the Next 12 plan. It has the lowest cost to upgrade (either by waiting the requisite 12 months or waiting at least 2 moths and paying off the remaining balance to 12) of any of the Next plans (Next 12: 60%; Next 18: 75%; Next 24: 80%), and while you’ll pay more per month, you’ll pay less per phone.
  • If you plan to upgrade every other year, don’t bother with the Next 24 plan and go for the traditional 2-year contract. It costs you about the same over 2 years, but in the end you get to keep your old phone instead of having to trade it in. Or you can trade it in for an additional rebate. Yes, it feels weird to be recommending you buy on contract, but the match checks out.

However, it looks like you can’t buy an AT&T phone with a 2-year contract from Apple’s online store. You don’t want to get the 2-year contract if you aren’t going to upgrade when it’s over, because you’ll still be paying an extra $15/month for nothing.

Update (2015-09-11): Whitson Gordon:

But I always wondered whether it was more cost effective to sell your old phone early, while it still had value, or run it into the ground. Which saves you more money in the long run?

[…]

Looking at those numbers, it seems that it’s most cost effective to sell your phone every three years or more, but just by a nose. Doing so will save you around $100 (plus tax) over the course of six years on Swappa. If you use my Cragslist numbers, it comes out closer to $160. Even more interestingly, selling your phone every year and every two years is pretty darn close to equal. So if every three years is a bit too long for you, you might as well upgrade every year and have the latest and greatest!

[…]

Most of this math hinges on one very important fact: you should sell your phone using a site that doesn’t take a bunch of extra fees.

Update (2015-09-12): Josh Centers and Adam C. Engst:

It took us hours to sift through the carrier sites to put together these lists, and frustratingly, it’s difficult to make exact comparisons, due to the carriers offering differently sized data plans. Nonetheless, here are our conclusions.

Update (2015-09-25): Lloyd Chambers:

A year ago I wrote What does an iPhone 6 Plus cost?, in which I showed how no matter what you do, AT&T will nick you. There exists no good deal; all deals are variations on the same pricing in which you end up paying in full for the phone (or more), one way or another.

Update (2015-10-14): Adam Fields:

“Because the iPhone Upgrade Program isn’t tied to a single carrier, you don’t need a multiyear service contract. If you don’t have any carrier commitments, you’re free to select a new carrier or stick with the one you have.”

[…]

Except - that’s not the case. As Apple has now revealed on their LTE specifications page, the two phones are not cross-compatible. The AT&T phone works on AT&T and only on AT&T. The “everything else” phone doesn’t work on AT&T at all. And by “works”, I’m talking about LTE service. It’s 2015 - you can’t say that a flagship iPhone (or any recent iPhone for that matter) is really functional without LTE service.

Thursday, September 10, 2015 [Tweets] [Favorites]

iPhone 6s and 3D Touch

Jason Snell:

The killer feature here is 3D Touch, and while it’s a little confusing to watch, it makes perfect sense when that iPhone is in your hand. I was really impressed with how smart the iPhone is at detecting different levels of pressure. In the few minutes that I was using an iPhone 6S, I never found myself tapping instead of using 3D Touch, and never found myself accidentally “popping” when I was meant to “peek.”

Josh Tyrangiel:

Apple isn’t in the habit of explaining how it makes things work, because the people at Samsung can read, and hold a patent on a similar technology. But in lieu of the usual polite deflection, Federighi picked up an iPhone 6S and explained one of 3D Touch’s simpler challenges: “It starts with the idea that, on a device this thin, you want to detect force. I mean, you think you want to detect force, but really what you’re trying to do is sense intent. You’re trying to read minds. And yet you have a user who might be using his thumb, his finger, might be emotional at the moment, might be walking, might be laying on the couch. These things don’t affect intent, but they do affect what a sensor [inside the phone] sees. So there are a huge number of technical hurdles. We have to do sensor fusion with accelerometers to cancel out gravity—but when you turn [the device] a different way, we have to subtract out gravity. … Your thumb can read differently to the touch sensor than your finger would. That difference is important to understanding how to interpret the force. And so we’re fusing both what the force sensor is giving us with what the touch sensor is giving us about the nature of your interaction. So down at even just the lowest level of hardware and algorithms—I mean, this is just one basic thing. And if you don’t get it right, none of it works.”

[…]

“Why would we spend this many years working on 3D Touch when you can do some of these things with a button? Well it’s, it’s just such a fluid connection with your content,” says Ive, a little dreamily. “And not everything is binary, is it?”

John Gruber:

“3D Touch” is the new “Force Touch” (Craig Federighi slipped at one point, saying “force” before correcting himself.) I’ve seen concerns that this overcomplicates the iPhone’s UI design, but I would argue the opposite. It’s the multi-touch equivalent of keyboard shortcuts on the desktop: shortcuts for tasks that can all be accomplished without it. To use the old parlance, 3D Touch is for power users.

There’s no 4-inch model, but perhaps 3D Touch will ameliorate the problems with reaching on larger screens. The easier app switching and trackpad mode look great.

Husain Sumra:

While Apple didn’t discuss AppleCare+ pricing as it unveiled the new iPhone 6s and 6 Plus today at its “Hey Siri” event, the Cupertino company did unveil new pricing for the service on its website. AppleCare+ for both devices is $129.99 while its service fee is $99.99.

This is an increase from the pricing for iPhone 6 and earlier models, which are priced at $99.99 for AppleCare+ and $79.99 for the service fee.

Benjamin Mayo:

In the promo video, Apple shows a shot of the iPhone 6s internals. As it happens, this render is extremely detailed and you can actually make out the battery specifications inscribed onto the battery. Its rated at 1715mAh, which is down from the 1810mAH packed into the previous iPhone 6.

It seems that Apple has had to shrink the battery to make space for new features like the 3D Touch screen and the Taptic Engine. However, according to Apple’s technical specifications, it shouldn’t make a difference. The battery life estimates for the iPhone 6s and iPhone 6 are identical.

Update (2015-09-10): The iPhone 6s has 2 GB of RAM, up from 1 GB in the iPhone 6. It’s also about half an ounce heavier, about the same as the increase from the 5s to the 6.

David Smith:

In the end Apple has decided to continue offering a product that will almost inevitably fail their customer at some point, and potentially fail them at a moment of deep personal importance. That makes me sad, and as someone who makes my living riding their coattails, worried about the long term effects of this short term thinking. Maybe it is just sentimentality but those aren’t the priorities that I think Apple stands for.

Update (2015-09-11): Ken Segall:

The marketing theme for the iPhone 6 and 6 Plus — The only thing that’s changed is everything — seems designed to counter the popular perception that S-years are off-years. […] Well … Apple wouldn’t have to address the knee-jerk criticism if it didn’t create this “off-year” perception with its choice of names. In this case, it is certainly reaping what it has sown.

Update (2015-09-16): Joe Rossignol:

Apple published Environmental Reports for the iPhone 6s and iPhone 6s Plus that reveal the devices are about 11% heavier than their predecessors, as first noted by The Verge. But the additional weight comes almost entirely from the 3D Touch display, which weighs nearly twice as much as a regular ion-strengthened display.

Update (2015-09-25): Jason Snell:

Every time I intended to use 3D Touch to “push” an icon on the iPhone home screen, the feature activated and a contextual menu popped into view, accompanied by a tiny vibration to indicate that I had succeeded with my gesture. The extension of that gesture–sliding my finger or thumb down to the right menu item and then letting go–felt natural after a single try.

[…]

The best way I can describe it is that for all my attempts to get 3D Touch to misunderstand me, it just couldn’t do it. I didn’t need to use the heavy-fingered press I have to use on the Apple Watch–the 3D Touch on the iPhone 6s is almost gentle.

[…]

Getting this right was a tough problem to solve, so tough that most of us who tried to envision the feature before it was announced had a hard time imagining how it could possibly succeed. But, as someone who has held the iPhone 6s in my hand, I can tell you that it really does.

Ken Segall:

If Apple weren’t hell-bent on reinforcing the”tick-tock” idea, it wouldn’t need to run commercials that aim to counter the perception. Nor would there be a need to overcome S inertia with theme lines like “The only thing that’s changed is everything.”

iPad Pro

Jason Snell:

In the hands-on area, I also got to type on the Smart Keyboard as well as the iPad Pro’s own on-screen keyboard. The iPad Pro’s screen is so large, the on-screen keyboard is practically a full-sized keyboard on its own, complete with a number/symbol row. There’s even a Tab key. If I focused really hard on my fingers, I found that I could type on the keyboard at a blistering pace.

The Smart Keyboard seems great for what it is, which is a keyboard so small and thin that you can carry it with you everywhere and use it as a screen protector. The keys move, a little, and it’s a comfort to feel real key caps.

John Gruber:

As with other iPads and iPhones, Apple won’t talk about RAM, even though developers will be able to find out as soon as they get their hands on them. If we were to wager on the amount of RAM in iPad Pro, my bet would be 4 GB. And I would wager very heavily.

To me, the interesting part of the iPad Pro is the Apple Pencil. If you aren’t using that, it seems like a tweener for many uses. Ergonomically, the smaller iPads would be better for reading, and a MacBook would be better for productivity. But what a screen!

Update (2015-09-10): Ben Thompson:

Cook’s assumption is that the iPad problem is Apple’s problem, and given that Apple is a company that makes hardware products, Cook’s solution is, well, a new product.

[…]

That, then, means that Cook’s conclusion that Apple could best improve the iPad by making a new product isn’t quite right: Apple could best improve the iPad by making it a better platform for developers. Specifically, being a great platform for developers is about more than having a well-developed SDK, or an App Store: what is most important is ensuring that said developers have access to sustainable business models that justify building the sort of complicated apps that transform the iPad’s glass into something indispensable.

Emanuel Sa:

But the biggest problem is the platform. Apps on iOS sell for unsustainably low prices due to the lack of trials. We cannot port Sketch to the iPad if we have no reasonable expectation of earning back on our investment. Maintaining an application on two different platforms and provide one of them for a 10th of it’s value won’t work, and iPad volumes are low enough to disqualify the “make it up in volume” argument.

Linda Dong (comments):

Currently the Wacom Cintiq is regarded as the pinnacle of professional drawing stylus/surface design. A lot of hesitation (or dismissal) of the Apple Pencil seems to stem from people’s belief that Cintiq is superior in performance and design at a similar price. *sigh*

Quite plainly, the Cintiq sucks in comparison. And I’ve been using them for years for industrial design sketching, UI, and art.

Update (2015-09-11): Fraser Speirs:

On Wednesday, Tim Cook came out and put the iPad front and center. It led and, arguably, dominated the substantive announcements at the event. He called it the future of personal computing and that means more than any specifics of any current version of the iPad.

Update (2015-09-22): John Brayton:

There are many reasons the iPad Pro cannot replace the Mac for many people. I think the most overlooked reason is that there is no comfortable way to touch the iPad’s display when using it with a hardware keyboard. You need the iPad to be upright in order to see it. Reaching to touch the upright iPad screen becomes extremely uncomfortable over time. There is no mouse or trackpad for iOS.

Update (2015-09-23): Blair Hanley Frank:

What sets the iPad Pro apart from its counterparts in Microsoft’s eyes is the massive 12.9-inch display. Microsoft allows users with devices that have screens smaller than 10.1 inches to edit documents for free, but users of devices larger than that have to pony up for an Office 365 subscription. It’s not just iOS: the same policy goes for Android and Windows tablets as well.

Update (2015-09-25): Pieter Omvlee (via Gus Mueller):

This puts the fate of the iPad Pro back in the hands of those who nearly killed Apple in the 90s: Adobe and Microsoft. It is almost like a Greek Tragedy; while Apple desperately tried to avoid it, it has unknowingly helped make the inevitable come to pass.

John Gruber:

The iPad is five years old and there just isn’t as much “pro” software for it as there should be. And I think it’s hurting the platform. In theory, developers like Bohemian Coding (the makers of Sketch) should be all over the iPad Pro. In reality, they’re staying away simply because they don’t think they’ll make enough money to justify the costs of development.

Update (2015-10-04): Pierre Lebeaupin:

And so, what corresponding iOS platform news did we get from Apple this September? Err, none. From a policy standpoint, iOS is still as developer-unfriendly, by not supporting software trials for instance, even though this is a fundamental commercial practice; in fact, this appear to be backfiring on Apple, as this resulted in potential buyers going for the already established brands when it comes to professional iPad software, and in Apple coming to bringing Adobe and Microsoft on stage in the presentation to prove the professional potential of the iPad pro; those two companies are probably the ones Apple wishes to be least dependent upon, and yet here we are.

Wednesday, September 9, 2015 [Tweets] [Favorites]

Microsoft Excel Tips

Former Excel developer Joel Spolsky demonstrates some basic ways to use Excel more effectively (tweet, Trello notes). I don’t usually like watching videos, but this one is fast-paced and had some tips that were new to me. The more you learn about Excel, the harder it is to like Numbers and Google Sheets, although the latter is unbelievably convenient for collaborating.

Via the Twitter replies, I also found a mind-bending talk by Felienne Hermans called “Spreadsheets for Developers.”

Previously: Microsoft Excel 2011 for Mac Keyboard Shortcuts.

Update (2015-09-13): Marcel Weiher:

Intuitively, restricting the variables to take only integer values should be easier/quicker, but the reverse is true, and in a big way: once you have integer programming or mixed-integer programming, everything becomes NP-hard.

In fact, I just saw this in action during Joe Spolsky’s talk “You suck at Excel”: he turned on goal-seeking (essentially a solver), and it diverged dramatically. The problem is that he was rounding the results. Once he turned rounding off, the solver converged to a solution fairly quickly.

Apple Tangles With U.S. Over iMessage Data Access

Matt Apuzzo, et al. (via Christopher Soghoian):

With Apple, the encryption and decryption are done by the phones at either end of the conversation; Apple does not keep copies of the message unless one of the users loads it into iCloud, where it is not encrypted. (In the drug and gun investigation this summer, Apple eventually turned over some stored iCloud messages. While they were not the real-time texts the government most wanted, officials said they saw it as a sign of cooperation.)

What they mean here is that iCloud backups, which are enabled by default, are not encrypted. So, as I’ve said, it’s pretty much irrelevant that the iMessage communications themselves are encrypted end-to-end. Unlike with USB syncing, there is no way to make an encrypted cloud backup of an iPhone. Nor is there a way to do a cloud backup that excludes iMessage data.

Matthew Green:

It’s a vague headline that manages to obscure the real thrust of the story, which is that according to reporters at the Times, Apple has not been forced to backdoor their popular encrypted iMessage system. This flies in the face of some rumors to the contrary.

[…]

While it seems pretty obvious that Apple could in theory substitute keys and thus enable eavesdropping, in practice it may require substantial changes to Apple’s code. And while there are a few well-known cases in which the government has forced companies to turn over keys, changing the operation of a working system is a whole different ball of wax.

Ben R.

Apple controls iPhones. They have root access, you don’t. It’s the future that Richard Stallman predicted in The Right To Read, except he thought it would be Microsoft. In this kind of situation, why would you even mention key substitution attacks? It’s like speculating about the owners of an Internet café implementing a TLS MITM attack in their own network’s router in order to spy on HTTPS connections originating from their own machines. Why bother when you’re root?

Update (2015-09-12): Bruce Schneier:

The rumor I am hearing is not about access to a particular user and his communications. It is about general access to iOS data and communications. And it’s in the FISA court, which means that it’s not a domestic criminal matter.

Wikipedia Editors Uncover Extortion Scam

Lauren C. Williams (via Mark Bernstein):

The Wikimedia Foundation, the non-profit organization that sponsors but does not operate Wikipedia, announced Monday that at least 381 accounts have been suspended for “black hat” editing, in which editors charge and accept money for “to promote external interests.”

[…]

What makes Orangemoody different are its guerrilla recruiting efforts and the group preying on new or gullible Wikipedia users. “This syndicate went out and looked at articles that were being deleted and went and contacted people who were new and wanted an article but were rejected,” Lih said. “WikiPR was not recruiting people to our knowledge; people would approach them.”

Moreover, Orangemoody editors created false threats and, from separate accounts, members would threaten to delete an article and, through another account, tell clients they can ensure the page won’t get deleted for a $30 monthly fee even though most of the pages didn’t meet Wikipedia’s notability standard, which require the article subject to have extensive media coverage — that excludes company websites or press releases, or passing mentions, such as in a listicle.

Thunderbolt Ethernet Adapter Says Cable Unplugged (When Not)

stevenforster1 suggests:

I was having this problem and even after following the above steps.  I then used the Help Center and found how to create a new “Bridge Virtual Network Interfaces” instruction.

  1. Choose Apple menu > System Preferences, then click Network.
  2. Choose Manage Virtual Interfaces from the Action menu.
  3. Click Add (+), choose New Bridge, then select the interfaces to include in the bridge.

I deleted the profiles already there, added the Thunderbolt back in, hit apply and good to go now.

This worked for me.

Tuesday, September 8, 2015 [Tweets] [Favorites]

Pushing on the Pull Door

Jared Sinclair:

The URL scheme alert view reverses the standard position of the accept and cancel buttons. Make sure your support staff anticipate this confusion when trouble-shooting “I can’t log in via Facebook” bug reports.

Previously: iOS 9 to Block Abuses of -canOpenURL:.

Update (2015-09-08): Jonathan Grynspan:

“iOS 9 only shows URL scheme alert views for host apps linked against iOS 8 or earlier.” This isn’t accurate.

The prompt is not connected to iOS 9’s Info.plist changes, so if that’s what you or Jared is seeing, please file a radar.

Why You Should Upgrade (On Your Own Terms)

Adam C. Engst:

I know many of you are tempted to scream, “Stop this bus! I want to get off!” And many people did just that some years back when the misbegotten OS X 10.7 Lion was on offer — there’s a vocal group still happily (or at least defensively) using 10.6 Snow Leopard. There’s probably still a set of iOS 6 users holding out against the flat look of iOS 7 and iOS 8 too. None of you are wrong. You may be merely postponing a world of upgrade hurt, but you’re not wrong.

[…]

I’m not saying that you should drop everything to upgrade as soon as Software Update alerts you to the latest and greatest. In fact, apart from certain security-related updates that would be good to get sooner rather than later, I think waiting a decent amount of time before upgrading makes a ton of sense. Immediate upgrades are for those of us whose business revolves around the latest details — we’re the penguins diving off the ice floe first so the rest of you can jump in without worrying about leopard seals. Wait a bit after a major upgrade, and for a minor update or two to address bugs that became obvious only after widespread public release. We may have early-bird releases of “Take Control of Upgrading to El Capitan” and “El Capitan: A Take Control Crash Course” available now, with updates planed for El Capitan’s release day, but we also continue to refine those books after launch.

So wait if you want, but don’t wait too long. Community knowledge doesn’t go back that far any more — there’s just too much to know, and too many facts that quickly stop being relevant. Options disappear too — drag your feet on upgrading to the mature Yosemite now, and in a month or so, Apple will replace it with El Capitan, and you won’t be able to download a fresh copy of Yosemite, just as you can no longer get a new copy of Mavericks from the Mac App Store.

NSBackgroundActivityScheduler

Milen Dzhumerov:

If your Mac app needs to run background tasks in an energy efficient way, use NSBackgroundActivityScheduler (10.10+)

This class was introduced at WWDC 2014, but it’s not documented in the release notes or in the Foundation class reference. It is, however, explained in the Energy Efficiency Guide for Mac Apps, and there’s a header file with some good comments:

This class provides a Cocoa-level interface to the XPC Activity API (see xpc/activity.h).

It is used to schedule maintenance or background kinds of tasks. These activities are run by the OS at a time that best accommodates system-wide factors like energy, thermal conditions, and CPU usage. If you have activities that run at an interval measured in 10s of minutes or more, then use this class to schedule those activities.

San Francisco’s Rider-Friendly Transit Map

Eric Jaffe (via Simone Manganelli):

Fast forward to today and Primus has turned the insight from that rough early journey into one of the most rider-friendly transit maps you’ll ever see. The redesigned Muni map—co-created by Primus and David Wiggins—immediately indicates frequency through a route line’s thickness. Muni officials adopted it system-wide this April and will update it later this month to reflect a service upgrade.

[…]

A handful of other transit systems have delved into weighted frequency maps—D.C.’s Metrobus and Spokane Transit being two strong examples—but for the most part cities have shied away from the approach. The reason may be partly political. Since frequency maps spotlight which parts of town have worse service, they invite criticism that basic maps of service coverage don’t.

[…]

It’s also a pedestrian map. “Anyone on transit is by definition a pedestrian,” says Primus. With that in mind, he and Wiggins made the map useful from a walker’s perspective, even as it functions primarily as a transit guide. So they kept an accurate scale (unlike other transit maps that famously distort geography) and showed all streets (labeling 95 percent, in a faint grey).

SiriScript

Daniel Jalkut:

Today I faced a long list of alarms on my iPhone, and decided that I wanted to clean them out. The typical iOS “Edit” interface puts a red “delete” button next to each item, and upon tapping it you must then confirm it by tapping the explicit word “delete” at the other end of the item. Suffice to say: for a list of any significant size, this is very tedious.

On a whim, I decided to give Siri a shot at simplifying the process. I long-pressed the home button, and uttered: “delete all my alarms.”

Too bad there’s no equivalent for clearing out all your photos. You still have to empty the camera roll from the Image Capture application on the Mac.

Nick Heer:

Something like Siri on OS X could radically simplify everything from the most basic commands to much, much more complex tasks.

Friday, September 4, 2015 [Tweets] [Favorites]

qtmodernizer

qtmodernizer(1):

qtmodernizer is a command line tool to examine a media file which may be in a legacy format or may contain legacy media tracks. In this case a legacy format is one which cannot be read directly by CoreMedia or AVFoundation frameworks.

qtmodernizer examines all the tracks to determine if they are all in a form that can currently be played. If all tracks are playable and the format is readable, qtmodernizer does returns and does nothing. If any of the audio or video tracks are encoded with a codec that CoreMedia does not support, that track will be converted to a modern format, usually H.264 for video and AAC for audio (see --useprores for other choices).

This was added in Mac OS X 10.9. It’s probably a good idea to update any old media files that you have now.

Struct Semantics in Swift

Chris Eidhof:

Instead, we can change our mutableData accessor to prevent copying when there are no other references to the data variable. To do this, we need to check if the data is uniquely referenced. In other words, we only make a copy of the data if the data is shared. We can do this using the isUniquelyReferencedNonObjC function. This is the reason why we need Box: it only works on Swift classes. NSMutableData is an Objective-C class, and then the function doesn't work.

[…]

Now we have full copy semantics, and efficient behavior: only when a copy is really necessary, it is made. This way, we never have to remember to write data.copy() ourselves, we implemented it correctly once and can then forget about it.

Lessons Learned From Reading Postmortems

Dan Luu (via Kyle Van Essen):

For more on this, Ding Yuan et al. have a great paper and talk: Simple Testing Can Prevent Most Critical Failures: An Analysis of Production Failures in Distributed Data-Intensive Systems. The paper is basically what it says on the tin. The authors define a critical failure as something that can take down a whole cluster or cause data corruption, and then look at a couple hundred bugs in Cassandra, HBase, HDFS, MapReduce, and Redis, to find 48 critical failures. They then look at the causes of those failures and find that most bugs were due to bad error handling. 92% of those failures are actually from errors that are handled incorrectly.

Solving Wi-Fi Coverage Problems

Glenn Fleishman:

With a combination of graphic visualizations, lists of information, and the capability to drill down into super-technical details, WiFi Explorer has become my top recommendation for anyone trying to sort out a local Wi-Fi environment.

[…]

WiFi Explorer helps tremendously with understanding interference from adjacent networks by providing both comprehensive details and graphical insight. It also lets you see at a glance precisely how your network is configured. Apple doesn’t offer that in AirPort Utility, which shows connections and base station names, but requires you to hover over each base station to see channel assignments and other details.

[…]

The Channels view is remarkable. It shows how different base stations are occupying swaths of frequencies. In 2.4 GHz, you can see where networks overlap. Channels 1, 6, and 11 are considered non-overlapping — the central frequency for each channel is offset by 25 MHz, or more than a full channel.

Thursday, September 3, 2015 [Tweets] [Favorites]

NetNewsWire 4.0

NetNewsWire 4.0 is finally available (via @iconmaster, tweet). The main change since the beta is that it now has its own cloud syncing service, instead of iCloud Core Data. There is also a traditional three-pane view instead of just the widescreen view.

It still has the “lite” feature set, nothing like my beloved NetNewsWire 3. There are no smart folders. There’s no meaningful AppleScript support. It doesn’t support the system share menu.

There’s also a bug where permalinks containing # don’t open properly in a Web browser.

Update (2015-09-04): John Gruber:

Second, Black Pixel has simplified so much, they’ve removed a lot of what made NetNewsWire NetNewsWire. Let Apple News and Flipboard be the simple news readers — I think the opportunity in today’s world for a non-free Mac RSS reader is at the high-end.

Nick Heer:

I’ve only had the chance to play around with the iPhone version, but it does feel awfully light. That’s not to discredit what I’m sure is a significant modernization of the Mac app underneath and, presumably, code compatibility with the iPhone app, but I can’t help but ache for more.

NetNewsWire has a very specific audience, and I don’t think this new version really appeals to them on either iOS or the Mac. In that sense, it comes across as confused. Both are adequate RSS readers, but I don’t think the word “adequate” is how NetNewsWire has ever been described.

Jesper:

But I also don’t want one of the five most important apps in my life to fade into something dumbed down. One interpretation of this post’s title is of course “who is NetNewsWire 4, who stands behind NetNewsWire?”. It used to be Brent and Sheila. It now is Black Pixel. Black Pixel has a more Apple-like approach and it’s not the way they work to think aloud, to eagerly solicit feedback, to herd cats and cat-like ideas of what should be for dinner tonight. I can deal with all of this. But I have to see progress.

Update (2015-09-11): Black Pixel (tweet):

At the present time, we’re not going to offer support for third-party sync systems, because we intend to offer something much better for the customers that use our products.

[…]

We knew we could offer improved, targeted performance if we controlled both sides of the sync equation. Instead of a generic service meant to meet a specific set of functions we may not even expose in the app, we were able to define a customized, optimized protocol to ensure the best possible performance we could provide our customers.

On the other hand, you have to switch to their entire stack, are then fully dependent on their apps, and have no Web version.

Migrating to a New Mac in the Real World

Michael E. Cohen:

Pack-rat that I am, I keep an Ethernet cable in my Cupboard of Arcane Connectors: I strung that between my new iMac and the Time Capsule before I started the migration. I could have used the Time Capsule’s Wi-Fi connection instead, but restoring a backup that way would have taken considerably more time — the last time I did a migration over Wi-Fi, it consumed a full weekend.

[…]

The first obstacle was the appearance of a dialog that told me the Mac was “preparing” to transfer my backup: it had no progress indicator and, as minute after minute passed, it gave no impression that any progress actually was being made. In my younger, more impatient days, I would have forced a reboot and tried again, but that night I told myself to wait an hour before giving up. After “only” 30 minutes, though, the “preparing” dialog was replaced by one with a progress gauge, and, what’s more, a time estimate!

[…]

Before I could even get to that, though, I had to deal with a flurry of requests for my iCloud password. Dialog after dialog came up requesting it, four or five in a row. This flurry was finally followed by an alert telling me that some of my apps required app-specific passwords, and the alert offered to help me create them. The alert didn’t tell me which apps needed those passwords, but I noticed that it sported a Messages icon.

[…]

Since I couldn’t deauthorize my old Mac (no hard drive, remember), I deauthorized all the computers using my account, and then authorized my new one. My media was once again accessible.

[…]

The moral of this episode: It’s not over until it’s over. Even if you get your Mac successfully migrated, you will likely find a few things that need tweaking and readjusting in the days and weeks ahead.

Adam Engst:

I always have a nightly duplicate of my boot drive, but in a case like Michael’s where it died late in the day, even a nightly bootable duplicate wouldn’t have been enough because he would have had to try to figure out what had changed during the day. In that kind of a situation, something like Time Machine or CrashPlan that runs all the time is more likely to be up to date.

AWS Device Farm

Amazon (via Cabel Sasser):

Device Farm is an app testing service that enables you to test your Android, iOS, and Fire OS apps on real, physical phones and tablets that are hosted by Amazon Web Services (AWS). A test report containing high-level results, low-level logs, pixel-to-pixel screenshots, and performance data is updated as tests are completed.

Device Farm allows you to upload your own tests or use built-in, script-free compatibility tests. Because testing is automatically performed in parallel, tests on multiple devices begin in minutes.

FAQ:

On iOS, we replace the embedded provisioning profile with a wildcard profile and resign the app. If you provide it, we will add auxiliary data to the application package before installation so the data will be present in your app’s sandbox. Resigning the iOS app results in the removal of certain entitlements. This includes App Group, Associated Domains, Game Center, HealthKit, HomeKit, Wireless Accessory Configuration, In-App Purchase, Inter-App Audio, Apple Pay, Push Notifications, and VPN Configuration & Control.

Frederic Lardinois:

Just like other AWS services, Device Farm will offer a free tier. In this case, you get 250 device minutes for free. After that, you will pay $0.17 per device minute or you can opt for paying a flat fee of $250 per device per month.

There are many supported devices, including ones with previous OS versions.

Apple Loses German Top Court Case on Swipe-to-Unlock Patent

Karin Matussek (via Hacker News):

Judges on Tuesday said that the iPhone maker’s method didn’t reach a level of sophistication needed to award patent protection -- backing an earlier patent tribunal ruling in favor of Lenovo Group Ltd.’s Motorola Mobility Holdings Inc.

“This user-friendly display was already suggested by the state of the art,” the Karlsruhe-based court wrote. “The contested patent thus isn’t based on an invention.”

TheMagicHorsey:

I have been involved with several patent suits (on both litigant side and defendant side) and as an engineer, I have to admit that there has never been a time when I haven’t read the statement of the problem the patent says its going to solve, and not thought of the solution myself, way before the patent presents the same solution. In other words, every single litigated software patent I’ve been asked to review has been BLATANTLY obvious. And I’m no genius. I’ve talked to other engineers and they’ve all said the same thing. I just explain a problem domain, and they usually give a solution that comes under the claims of the litigated patent.

This is not to say that there aren’t non-obvious software patents. Its just that those never seem to get litigated, because they aren’t some obvious concept sitting at the nexus of a well-trodden path the industry is following.

Why Dependent Types Matter

Jeremy W. Sherman:

A dependent type is a type that depends, not just on other types, but on terms. This means you can have values – plain old data – in your types. A common example is that of length-indexed lists.

You likely caught on that that code is Swift-ish but not actually Swift. That’s DTSwift, where I pretend that Swift is dependently typed.

[…]

This means that dependent types give us pay-as-you-go provable correctness. You can require proof of the most critical properties in your program in the form of very specific types that ensure those invariants, while handwaving about components that are either less important or just more readily shown correct by test or inspection.

[…]

Dependent types let you replace a Boolean that throws away the knowledge gained from a test by a type that represents the outcome of that test.

Update (2015-09-04): Joe Groff recommends Certified Programming with Dependent Types.

David Owens II:

This is the part I don’t get: we allow for incorrect code to be written in the non-dependent-typed case, but we assume that we can’t do the same with depedently-typed code? Why? What’s preventing me from swapping left and right in the Order type that is returned?

Update (2015-10-04): Jeremy W. Sherman:

Unlike in the evidence-less case, though, consumers of instances of this type can work out that it’s the wrong way around based on the because evidence: an instance like lessThanOrEqual(zeroLEQEverything: LEQ(0, 1)): OrderFlippedInstances(1, 0) hands the consumer a proof that LEQ(0, 1), and if they pattern-match that out and use it – as they likely would while producing evidence for the correctness of whatever they’re building atop this data – it’s merely frustrating that our documentation is backwards.

This “solves” the flipped Boolean problem, but no tool can solve the problem of misleading names. Misleading names provide bad input into our informal reasoning processes, and we’re likely to write bogus code as a result. If we’re programming with evidence, as dependent types let us do, we’ll catch this while interacting with the compiler; if we’re trusting the names, and ignoring the evidence, as dependent types also let us do (and non-dependent types force us to do), we likely won’t, absent testing.

Jeremy W. Sherman:

David’s concern is that, “It’s up to the programmer to realize that we have actually not created all of the proofs required to prove correctness.” This concern arises from his thinking that the proof for negb_inverse goes through even if you alter negb so it always returns true.

The version of negb he defines that always returns true actually already fails at the negb_inverse theorem, without need to proceed to trying to prove negb_ineq.

[…]

David’s core concern about knowing you’ve proved what you want to prove is a real problem.

Wednesday, September 2, 2015 [Tweets] [Favorites]

You Don’t Need Motivation

Kirby Turner:

What helped me was structuring my day so that I worked on my book at least an hour each day. I started work on the book at the same time every day, which was 9 am. Some days I only worked on it for an hour, other days I would work on it all day. It depended on how I felt. But I always worked on it for at least one hour starting at 9 am every day even when I wasn’t motivated to work on it.

Previously: How to Survive Working at Home.

Go at Basecamp

Noah Lorang:

Basecamp is a Ruby company. All of our customer facing applications are written with Ruby on Rails, we use Ruby for our systems automation via Chef, we deploy via Ruby through Capistrano, and underneath most rocks you’ll find a Ruby script that accomplishes some task.

Increasingly, however, Go has found its way into our backend services and infrastructure in a variety of ways[…]

[…]

Personally, I like Go because the semantics of channels and goroutines are a great fit for building data pipelines, and the innate performance of Go programs means I don’t have to think as much about the load that a parser might be adding to a server. As a language, it’s a pleasure to write in—simple syntax, great standard library, easy to refactor.

Adware Simulates Mouse Events to Access Keychain

Dan Goodin:

“What they’re basically doing is using provided system calls to get the location of the [permission] window and the location of the OK button in the window,” Thomas Reed, Malwarebytes’ director of Mac offerings, told Ars. “Then they’re simulating a mouse click. I’m surprised nobody thought of that before.”

[…]

The discovery also underscores a potential weakness that could be exploited by other unwanted adware or, worse, by outright malicious espionage trojans. For instance, it’s not hard to imagine a trojan disguised as a benign program that remains dormant for some period of time. Then, when the machine isn’t in active use, the app asks for permission to access a password for iCloud or Gmail and in the blink of the eye approves the request. Unless end users have overridden default Mac settings, the app would now be in possession of the credentials.

thomasreed:

As you can see there from that pseudo-code (generated from the assembly code by Hopper Disassembler), the installer is using three calls to CGCreateMouseEvent: one to move the mouse, one to simulate a mouse down and one to simulate a mouse up. (This is done after another routine parses the information returned by CGWindowListCopyWindowInfo to find out where the button is.)

Ultimately, it seems that this window is probably one that shouldn’t show up in that list of windows. However, I’m not enough of an expert at the inner workings of OS X to know how that would affect the Accessibility features of OS X, or if it would at all.

It doesn’t seem that simple, though, because the window is already frontmost with the Allow button as the default. Presumably, the app could just simulate a Return key event. This window does not appear very frequently, so perhaps a solution would be for it to ask for your password.

Google’s New Logo

Armin Vit:

We should get one thing straight first: the serif Google logo we’ve gotten used to seeing since 1999 — that’s 16 years, a period in which many of us have built our professional careers and relied on Google to do so many things — is not good. Not by any standard. It’s an old-looking, disproportionate piece of typography that no designer would think of using in a logo pitch to a client. We currently think it’s good and many are mourning its demise not because it was a great piece of design like the IBM logo but because we’ve grown so accustomed to it that anything different is an assault on what we know to be dear and true on the internet. To me, it was about time for that logo to go away.

[…]

One of the aspects that makes this redesign interesting is that they have bestowed logo duties on three separate elements: there is the logo, a set of dots, and a monogram. The impressive thing about this is that all three scream Google on their own — even the dots, simply by being the Google colors. You won’t mistake them for Microsoft dots, that’s for sure. The three elements, together, are the representation of the brand at every point: when you fire up an app through the G monogram, while the app is thinking through the dots, and when the app is loaded through the wordmark. This is a very clever way of building a visual ecosystem that imprints the Google DNA at every turn.

[…]

Any other solution to the logo — anything more effusive, more visible, more different, more visually explosive — would have been met with terrible anger. This “boring” solution is safe and almost expected but it’s extremely appropriate.

Update (2015-09-11): Thomas Benkö compares the colors with Microsoft’s logo.

Update (2015-10-14): Jaume Sanchez Elias (via ange):

In this post I’ll talk a bit about techniques and tricks learned while trying to recreate the new Google logo with SVG in 305 bytes (or less!).

Tuesday, September 1, 2015 [Tweets] [Favorites]

Swift Protocols

WWDC 2015 Session 408 (video, PDF):

This is a static type safety hole. Why did it happen? Well, it’s because classes don’t let us express this crucial type relationship between the type of self and the type of other. In fact, you can use this as a “code smell.” So, any time you see a forced down-cast in your code, it’s a good sign that some important type relationship has been lost, and often that’s due to using classes for abstraction.

So when you see Self in a protocol, it’s a placeholder for the type that’s going to conform to that protocol, the model type.

[…]

Now, you might think that forcing the array to be homogeneous is too restrictive or, like, a loss of functionality or flexibility or something. But if you think about it, the original signature was really a lie.

[…]

So, once you add a Self-requirement to a protocol, it moves the protocol into a very different world, where the capabilities have a lot less overlap with classes. It stops being usable as a type.

[…]

We find that, the more we decouple things with protocols, the more testable everything gets. This kind of testing is really similar to what you get with mocks, but it’s so much better.

[…]

You might ask, ‘what does it means to have a requirement that’s also fulfilled immediately in an extension?’ Good question. The answer is that a protocol requirement creates a customization point.

[…]

Swift 1 had lots of generic free functions like this. In Swift 2, we used protocol extensions to make them into methods like this, which is awesome, right? […] No more angle bracket blindness.

[…]

So, building bridges between the static and dynamic worlds is a fascinating design space, and I encourage you to look into more.

Marcel Weiher (channeling Crusty):

You see, I presented ADT (Abstract Data Type) programming to him and called it OOP. It’s a little ruse I use from time to time, and decades of Java, C++ and C# have gone a long way to making it an easy one.

[…]

So not only isn’t inheritance not the defining feature of OOP as I let on, it actually wasn’t even in the original conception of the thing that was first called “object-oriented programming”.

[…]

Because the idea was really to first get him all excited about not needing OOP, and then turn around and show him that all the things I had just shown him in fact were OOP. And still are, as a matter of fact.

[…]

My personal take is that our biggest challenges are in “the big”, meaning programming in the large. How to connect components together in a meaningful, tractable and understandable fashion. Programming the components is, by and large, a solved problem, making it a tiny bit better may make us feel better, but it won’t move the needle on productivity.

David Owens II (tweet):

Ok, so the heart, as I understood the talk, is about thinking of your types as in the form of protocols instead of base classes. The fundamental idea is to get rid of one of the really nasty problems of OOP - implicit data sharing. That’s great because that problem sucks.

It turns out, we can do this today in ObjC with one caveat - default protocol implementations. This is a feature that is new with Swift 2.0 and apparently wasn’t worth bringing back to ObjC.

[…]

I think the important takeaway from the Swift talk is not really about a “new paradigm” of programming, but rather showing a better way to compose software using techniques that we already use day-to-day. It makes it easier to do the better thing (get rid of accidental data sharing between types) and reducing the boiler-plate code required to do it.

There is one thing I’m worried about though: the class extension seems to be creating a very similar problem in that we are getting rid of unintentional data sharing between type hierarchies and replacing it with potentially unintentional functional changes in our programs.

Alexandros Salazar:

I haven’t had a chance to play with it too much, but watching the Protocol-Oriented Programming in Swift session, a particular construct struck me as the most likely source of arcane, incomprehensible bugs in the future. I expect it to be the novice’s crucible, similar to the way deallocated delegates would lead to crashes in the days before the weak attribute was introduced. I’m not yet sure what the searches will look like, but the fundamental question will be a variation of:

“Why does the method that I wrote overriding protocol extension X never get called?”

[…]

By always calling the value in the type’s implementation, then, we forever hide the default implementation of the extension, even in cases where it would be expected. The solution Swift 2 adopted is to call the default implementation when the protocol is explicitly specified.

[…]

The rules for dispatch for protocol extensions, then, are:

  • IF the inferred type of a variable is the protocol:
    • AND the method is defined in the original protocol
      • THEN the runtime type’s implementation is called, irrespective of whether there is a default implementation in the extension.
    • AND the method is not defined in the original protocol,
      • THEN the default implementation is called.
  • ELSE IF the inferred type of the variable is the type
    • THEN the type’s implementation is called.

Omar Abdelhafith:

If you are like me and you prefer reading decisions from a flow chart, the above reasoning can summarised in the following flow chart[…]

David Owens II:

This behavior is unsettling to me. For one, it makes some sense that you cannot change the functionality of another module with extensions to types belonging to that module. On the other hand, if I provide an extension for Sheep in my module, I’ll be able to use the new functionality just fine there, but anytime the type gets used in another module, the functionality will fall-back to the original behavior.

This just sounds like a scary source of bugs waiting to happen. I think the solution might be to simply disallow extensions to protocols that are not defined within the same module. I rather lose out on potential functionality to maintain certain guarantees in my program.

Soroush Khanlou:

With Swift 2, however, while we could continue to use decoration to wrap our data with new functionality, we’ve been given a new power with protocol extensions. Protocol extensions let us add concrete methods to a protocol that are dependent on the abstract methods in that protocol. It’s a form of the template method pattern, but one that doesn’t rely on inheritance.

[…]

Fortunately, we’re saved by protocol extensions here. We can give a default implementation for these properties in an extension, and we can leave it out of the individual request structs.

David Owens II:

To put it another way, if your protocol really only has meaning within your type hierarchy, ask yourself if it really makes sense to make it a protocol. I don’t think an answer of, “well, I want my type to be a struct so I need to use a protocol here instead” is a good reason. Decompose it and make it more applicable if that’s really the case.

[…]

Hopefully this is a just a point-in-time problem, but as soon as you make your protocols generic, you lose the ability have typed collection of hetergenous instances of protocols. I consider this a serious design limitation. For instance, all of the non-Self constrained functionality of a protocol should be safely callable from any place that protocol wants to be used.

This also applies to having your protocol adhere to generic protocols, such as Equatable. Generics are infectious.

Matthew “Canis” Rosenfeld:

Working with plain C structures is frequently a massive pain, so people often write “object oriented” wrappers around them to make them easier to work with. But then you run into leaky abstractions or impedance mismatch. In Swift, you can make the original raw C structs as easy to use as native Swift classes, and get the best of both worlds. Protocol conformance is a part of that.

So, yes, you can work with old-school BSD sockets code (this is a hypothetical example, don’t bug me about its utility) and throw sockaddrs into arrays, let Swift worry about managing their memory, diff those arrays to see what’s changed, and so on, and it all Just Works™.

I see this as one cornerstone of Swift’s “Grand Unified Theory” approach, where (however excited people might get by certain presentations) instead of saying Here Is The One New Way To Do Things, Swift instead allows you to mix and match whatever is appropriate to the task, whether that’s getting all functional, deeply dynamic, protocol-oriented, and more.

[…]

What you can’t do — and this is mostly where people are getting into trouble — is work with collections of arbitrary heterogenous generic protocols.

[…]

when you have an object of protocol type, that is actually a special object instance of about 40 bytes in size.

This is in turn due to that useful fact that anything, from an Int to a C struct to an Obj-C class can confirm to a protocol. You can’t simply cast an array of all those different types, to an array of the protocol, because the underlying data is completely different.

[…]

So, that’s why it stores these special Protocol instances instead, they’re adapters for the underlying types. And that’s why you can’t just cast arbitrary arrays to them. And why you can’t simply dispatch everything dynamically: some of those things just aren’t dynamic-able, because they might be C structs, Ints, native IEEE floating point values, or whatever, not Objective-C objects.

Brent Simmons:

Something like this ought to come naturally and easily to a language, or else that language is not helping me write apps.

This isn’t some weird, made-up situation. It’s super-common. Look at Mail’s sidebar, for instance — there are a bunch of different things. (Or look at Xcode’s sidebar.)

Yes. There are ways to deal with this in Swift, including using @objc protocols and collections. Or proxy objects or base classes (ugh) or whatever.

Andrew Bancroft:

Being a C# developer by day and a Swift developer by night has me constantly thinking about the similarities and differences between these two languages. I genuinely enjoy programming with each, and I love it when I can take a strategy that works well in one language, and see where that might cross over to the other. One of the areas I’ve been pondering as of late is the idea of how Swift and C# compare in terms of protocol extensions and abstract classes.

Previously: Swift Protocols, Arrays, and Casting, Swift Protocols Question, Swift Protocols and Generics.

Update (2015-09-04): Matthew Palmer:

This weekend, I rewrote most of Locksmith, my library for using the iOS keychain, to be protocol-oriented. This was a fascinating process, and one that isn’t yet finished.

[…]

Protocol oriented programming is the best approach I can think of to deal with this complexity and configurability.

Milen Dzhumerov:

Protocols in Swift can be generic via abstract type members rather than parameterisation. Consequently, the protocol itself can no longer be used as a type but only as a generic constraint.

[…]

If you’re interested in the tradeoffs between type parameterisation and abstract type members, check out the discussion on the dev forums and the article on how the issue affects Scala.

Update (2016-06-06): Ole Begemann:

I recently came across this post by Kevin Ballard on Swift Evolution that includes the best explanation I have seen for why method dispatch in protocols works the way it does […] So essentially, while protocols have a virtual function table, protocol extensions do not, and cannot easily have one because a type adopting the protocol won’t necessarily know about all extensions at compile time and therefore cannot add the extension methods to its own vtable.

How and Why We Designed Lucida

Bigelow & Holmes (via Hacker News):

First, a big x-height makes the typeface appear perceptually bigger, aiding legibility when text is viewed at greater than average reading distances or at small sizes, or both. Text on monitors was read at distances 50% greater than on paper, according to ergonomic recommendations of the 1980s. Second, the big x-height provides more pixels for better definition of features in the x-height region, which typically carries more information than ascenders and descenders, thus helping distinguish letter shapes for better recognition.

[…]

Beyond these global adjustments, generous spacing also prevented some local problems when errors in rasterization and fitting make adjacent letters accidentally merge, as often happened with a popular grotesque sans-serif in early laser printers, when ‘r’ touched a following ’n’ and made a spurious ‘m’, turning words like “fern” into “fem”.

[…]

At low resolutions, these differentiating details can be obscured, so, we lowered the arch join, cutting more deeply into the shape than in normal grotesque sans-serifs. This also tended to increase the thickness of the arch, further distinguishing ’n’ from ‘o’.

[…]

When we designed the first Lucida fonts, we chose a slightly dark weight to compensate for erosion around the edges of black letters on white background screens and on write-white laser printers, which visually reduce weight, making text look weak in small sizes. The slightly dark weight made Lucida well adapted to most screen displays for almost 30 years, but printing on 300 dot-per-inch write-black laser printers had a slightly darker tone than we desired.

What Publishers Should Know About iOS 9

Marko Karppinen:

Ad blocking apps on iOS will not be able to perform heuristic analysis of web content to recognize and block ads, which is what most advanced desktop blockers do; instead, the blocker must prepare explicit rules for the URLs and page element names Safari should block. This system makes it easy to target common trackers, beacons and ad networks, but blocking first-party ad serving will be much more difficult.

We see this feature affecting the mobile publishing landscape in two ways. Most importantly, widespread web ad blocking clearly bolsters the case for native apps over web sites: publishers will remain in complete control over the way content and ads appear in their native apps.

[…]

On the App Store side, Newsstand makes way for a new App Store category called Magazines & Newspapers. It will be just like any other App Store section, with one benefit remaining exclusive to periodicals: publications will continue to be able to change their app descriptions and screenshots at will, not just when uploading a new version of their app. These updates will have to be made manually, though: the Atom feeds that enabled automatic updates of issue descriptions and cover images will no longer be supported.

And, speaking of issue cover images, they are gone from the App Store and the devices, just like the rest of the Newsstand feature.

[…]

Apple News also raises the bar for news reading experiences on the platform. Most current newspaper and magazine apps are simply not as nice to use as Apple News will be. This is something publishers will have to address if they wish to convert Apple News readers to paying regulars in their own apps. In iOS 9, after all, the button back to Apple News will beckon them on the status bar.

Dave Hamilton:

Content blockers in iOS 9 (or, indeed, every other platform that will eventually adopt them in a similar way) don’t mean the end of ads on the web or the end of your favorite publishers. They just mean the end of massive third-party aggregators that rely on complex browser-run scripts to serve ads en masse to thousands of different web sites daily. If a website wants to take a direct sponsorship (as we do here at TMO), iOS 9’s content blockers won’t stop you from seeing that. If a website wants to run its own scriptless ad server engine and serve simple ad images (as we used to here at TMO), nothing will stop you from seeing those. There’s no reason for content blockers to stop you from seeing those because they’re delivered just like the text or an image in an article — and you certainly wouldn’t want a content blocker to stop you from getting that.

Frankly, I’m pretty bullish on the concept of iOS 9’s Content Blockers, and am looking forward to their mass adoption. Yes, it means we’ll need to abandon some of the easy/remnant methods of earning money here, but most of those methods have become worth less and less to us — and become more and more annoying to you, our readers.

GasBuddy’s New Privacy Policy

GasBuddy (via Slashdot):

In addition, if you access the Service through the Internet, your browser may allow you to adjust your browser settings so that “do not track” requests are sent to the websites that you visit. However, GasBuddy will not disable tracking technology that may be active on the Service in response to any “do not track” requests that we receive from your browser.

How to Use -updateConstraints

Ole Begemann (tweet):

So should you use updateConstraints() as suggested in the documentation? In this year’s Mysteries of Auto Layout (Part 2) WWDC session, Apple gives different advice:

Really, all this is is a way for views to have a chance to make changes to constraints just in time for the next layout pass, but it’s often not actually needed.

All of your initial constraint setup should ideally happen inside Interface Builder. Or if you really find that you need to allocate your constraints programmatically, some place like viewDidLoad is much better. updateConstraints is really just for work that needs to be repeated periodically.

Also, it’s pretty straightforward to just change constraints when you find the need to do that; whereas, if you take that logic apart from the other code that’s related to it and you move it into a separate method that gets executed at a later time, your code becomes a lot harder to follow, so it will be harder for you to maintain, it will be a lot harder for other people to understand.

So when would you need to use updateConstraints? Well, it boils down to performance. If you find that just changing your constraints in place is too slow, then update constraints might be able to help you out. It turns out that changing a constraint inside updateConstraints is actually faster than changing a constraint at other times. The reason for that is because the engine is able to treat all the constraint changes that happen in this pass as a batch.

Sony A7R II Focus Accuracy

Lloyd Chambers:

The DSLR is looking like not just a dinosaur, but a lame dinosaur, given these advances. How long will CaNikon watch Sony advance without responding? The optical viewfinder is great for some things, but I say get rid of it—it is a huge liability for most things. Mirrorless is now the leading technology on the market, solving real issues for real photography.

The Sony A7R II makes outstanding images with low noise and excellent dynamic range at 42 megapixels that are always in focus. Notwithstanding some file quality limitations and disappointing 12-bit behavior in certain situations, nothing else can touch this track record of ultra-high hit rate.

Marco Arment:

With the combination of fast phase-detect autofocus across the majority of the sensor, subject tracking, face- and eye-detection, an image-stabilized sensor, auto-ISO with programmable minimum shutter speed, very low noise at high ISOs, and incredible dynamic range, I’m finally breaking my long-held habit of taking three or five nearly identical photos at each opportunity to ensure that one of them is sharp and usable.